Old 02-13-2010, 04:59 PM   #1
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Rep: Reputation: 0
BIND-reverse lookup doesn't work-lame server


Hi,
I have a DNS server doing forward and reverse for 4 domains. All are working forward as well as reverse. For one (netstar-sxm.net), only the forward lookup works, but not the reverse.
Below is the named.conf as well as forward and reverse for this domain.
When I do a reverse lookup for the netstar-sxm hosts, I get "lame-server" errors in my logs.
What am I doing wrong? Please help.

// named.conf for Red Hat caching-nameserver
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
/*
* allow-recursion {127.0.0.1;66.165.179.0/24;66.165.177.112/28;200.71.197.168/29;66.175.120.224/27;66.175.120.112/29;};
*/
query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 .0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

zone "voxtelecom.net" IN {
type master;
file "db.voxtelecom.net";
allow-transfer { 66.165.177.122; };
};


zone "tallard.com" IN {
type master;
file "db.tallard.com";
allow-transfer { 66.165.177.122; };
};

zone "netstar-sxm.com" IN {
type master;
file "db.netstar-sxm.com";
allow-transfer { 66.165.177.122; };
};

zone "112/28.177.165.66.in-addr.arpa" IN {
type master;
file "db.66.165.177";
allow-transfer { 66.165.177.122; };
};

zone "0/25.179.165.66.in-addr.arpa" IN {
type master;
file "db.66.165.179";
allow-transfer { 66.165.177.122; };
};


zone "224/27.120.175.66.in-addr.arpa" IN {
type master;
file "db.66.175.120.224";
allow-transfer { 66.165.177.122; };
};

include "/etc/rndc.key";

Forward:

$TTL 86400
$ORIGIN netstar-sxm.com.
netstar-sxm.com. IN SOA ns1.voxtelecom.net. pfischer.atmit.com. (
2010021202
28800
14400
3600000
86400 )
; Name Servers
netstar-sxm.com. IN NS ns1.voxtelecom.net.
netstar-sxm.com. IN NS ns2.voxtelecom.net.

; Public Servers
scc IN A 66.165.179.24
one IN A 66.165.179.25
net IN A 206.223.158.49
; Aliases

; EOF

Reverse :

;$ORIGIN 0/25.179.165.66.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.voxtelecom.net. pfischer.atmit.com. (
2010021304 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Name Servers
        IN NS ns1.voxtelecom.net.
        IN NS ns2.voxtelecom.net.

; Public Servers
24 IN PTR scc.netstar-sxm.com.
25 IN PTR one.netstar-sxm.com.
70 IN PTR exchange.sea-grapes.com.
106 IN PTR mail.netstar-sxm.com.
; EOF


messages log file:

Mar 19 00:05:08 ns1 named[1317]: lame server resolving '24.179.165.66.in-addr.arpa' (in '179.165.66.in-addr.arpa'?): 66.165.177.121#53
 
Old 02-14-2010, 05:59 AM   #2
hostmaster
Member
 
Registered: Feb 2007
Posts: 55

Rep: Reputation: 17
Lame server means that this server is meant to be authoritative for this zone, but does not serve that zone. Try this

##########################################
NAMED.CONF
##########################################
zone "179.165.66.in-addr.arpa" IN {
type master;
file "db.66.165.179";
allow-transfer { 66.165.177.122; };
};
##########################################
FILE db.66.165.179
##########################################
;$ORIGIN 0/25.179.165.66.in-addr.arpa. ###Why this is commented
$ORIGIN 179.165.66.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.voxtelecom.net. pfischer.atmit.com. (
2010021304 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Name Servers
        IN NS ns1.voxtelecom.net.
        IN NS ns2.voxtelecom.net.

; Public Servers
24 IN PTR scc.netstar-sxm.com.
25 IN PTR one.netstar-sxm.com.
70 IN PTR exchange.sea-grapes.com.
106 IN PTR mail.netstar-sxm.com.
; EOF
 
Old 02-14-2010, 12:53 PM   #3
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
Hi Hostmaster,
thanks for helping.
I just uncommented it.
changed it to :
in named.conf :

zone "0.179.165.66.in-addr.arpa" IN {
type master;
file "db.66.165.179";
allow-transfer { 66.165.177.122; };
};


in db.66.165.179 reverse file :

$ORIGIN 0.179.165.66.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.voxtelecom.net. pfischer.atmit.com. (
2010021306
28800
14400
3600000
86400 )
; Name Servers
        IN NS ns1.voxtelecom.net.
        IN NS ns2.voxtelecom.net.

; Public Servers
24 IN PTR scc.netstar-sxm.com.
25 IN PTR one.netstar-sxm.com.
70 IN PTR exchange.sea-grapes.com.
106 IN PTR mail.netstar-sxm.com.
; EOF



Same results. When I do an nslookup 66.165.179.24 from that server I get:
;; Got SERVFAIL reply from 66.165.177.121, trying next server
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find 24.179.165.66.in-addr.arpa: SERVFAIL


it works just fine for my other domains.

I asked my ISP, and they guaranteed me that they delegated the SOA.
so I'm banging my head against the wall.
 
Old 02-14-2010, 01:01 PM   #4
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
By the way,
BIND doesn't start if I use:
$ORIGIN 179.165.66.in-addr.arpa.
it has to be
$ORIGIN 0.179.165.66.in-addr.arpa.

I had explored that change already before, with no luck.
 
Old 02-14-2010, 01:09 PM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Hi,

You must verify with your ISP the zone name that he's delegating to you. 0/25.179.165.66.in-addr.arpa looks correct.
Also put the $ORIGIN after the $TTL line.
 
Old 02-14-2010, 01:26 PM   #6
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
I switched the TTL with ORIGIN around, no luck.
Here's the output from dig on my DNS server:
If I interpret it correctly it states that there is no authority. Therefore I will double check again with my ISP. But as I said, they told me before that they did the delegation.

> dig -x 66.165.179.24

; <<>> DiG 9.3.2 <<>> -x 66.165.179.24
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39763
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;24.179.165.66.in-addr.arpa. IN PTR

;; Query time: 2 msec
;; SERVER: 66.165.177.121#53(66.165.177.121)
;; WHEN: Thu Mar 21 20:40:45 2002
;; MSG SIZE rcvd: 44
 
Old 02-14-2010, 01:29 PM   #7
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
I tried both
0/25.179.165.66.in-addr.arpa
and
0.179.165.66.in-addr.arpa
of course modified in both the named.conf as well as the db.66.165.179 files.

with the idea at first to CIDR it in two subnetworks/two domains. neither case worked. so I'll continue for now with just a full class C.
 
Old 02-14-2010, 01:45 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
I suppose you are increasing the serial?
Check also the logs, because there must be something written there, either on bind reloading or for the SERVFAIL.

Last edited by bathory; 02-14-2010 at 01:47 PM.
 
Old 02-14-2010, 01:51 PM   #9
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
Yes, I do increase the serial before restarting BIND.
In the messages log file I see it loads the zones without errors. When I do a lookup I get the following:
Mar 21 21:04:28 ns1 named[27316]: lame server resolving '162.179.165.66.in-addr.arpa' (in '179.165.66.in-addr.arpa'?): 66.165.177.121#53

which indicates a problem with the SOA for that domain, correct?
since I don't see any config problems with my zone files, it has to be my provider, although they told me they did the delegations.

pulling my hair....

thx for the replies by the way, much appreciated.
 
Old 02-14-2010, 01:59 PM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
I'm also thinking it's your ISP.
What gives:
Code:
dig soa 0/25.179.165.66.in-addr.arpa 
dig -x 66.165.179.24 @<isp-dns>
 
Old 02-14-2010, 02:07 PM   #11
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
> dig soa 0/25.179.165.66.in-addr.arpa

; <<>> DiG 9.3.2 <<>> soa 0/25.179.165.66.in-addr.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53689
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0/25.179.165.66.in-addr.arpa. IN SOA

;; Query time: 3 msec
;; SERVER: 66.165.177.121#53(66.165.177.121)
;; WHEN: Thu Mar 21 21:20:34 2002
;; MSG SIZE rcvd: 46




> dig -x 66.165.179.24 @66.165.160.179

; <<>> DiG 9.3.2 <<>> -x 66.165.179.24 @66.165.160.179
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26883
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;24.179.165.66.in-addr.arpa. IN PTR

;; Query time: 2036 msec
;; SERVER: 66.165.160.179#53(66.165.160.179)
;; WHEN: Thu Mar 21 21:22:45 2002
;; MSG SIZE rcvd: 44
 
Old 02-14-2010, 02:15 PM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
So it's your ISP since you get a SERVFAIL.
You should have taken an answer for both queries (at least a NXDOMAIN)
Also:
Quote:
> dig -x 66.165.179.24 @66.165.160.179

; <<>> DiG 9.3.2 <<>> -x 66.165.179.24 @66.165.160.179
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26883
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
you don't get "aa" in the flags section (meaning that 66.165.160.179 is not authoritative for this zone!!!!!)
 
Old 02-14-2010, 02:19 PM   #13
pthegreat
LQ Newbie
 
Registered: Jan 2006
Location: Miami
Distribution: RH ES4
Posts: 12

Original Poster
Rep: Reputation: 0
Yea I'll take this up with the ISP tomorrow. will post the results.
thanks for your help so far.
 
Old 02-15-2010, 05:07 AM   #14
hostmaster
Member
 
Registered: Feb 2007
Posts: 55

Rep: Reputation: 17
Here is a PTR query from http://www.dnswatch.info. Looks like there is a loop, but it should resolve when directly queried from your BIND server. Are you querying directly from an authoritative server or from some other server that does a complete DNS traversal?

########################################################################################################################
Searching for 24.179.165.66.in-addr.arpa. PTR record at K.ROOT-SERVERS.NET. [193.0.14.129] ...took 9 ms
Searching for z.arin.net. A record at A.ROOT-SERVERS.NET. [198.41.0.4] ...took 87 ms
Searching for m.gtld-servers.net. A record at I.ROOT-SERVERS.NET. [192.36.148.17] ...took 3 ms
Searching for m.gtld-servers.net. A record at m.gtld-servers.net. [192.55.83.30] ...took 132 ms
Searching for z.arin.net. A record at m.gtld-servers.net. [192.55.83.30] ...took 127 ms
Searching for z.arin.net. A record at c3.nstld.com. [192.26.92.32] ...took 87 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at z.arin.net. [199.212.0.63] ...took 101 ms
Searching for ns1.voxtelecom.net. A record at L.ROOT-SERVERS.NET. [198.32.64.12]
Query timed out (interrupted after 1,999 milliseconds)
Retrying...
Searching for ns1.voxtelecom.net. A record at E.ROOT-SERVERS.NET. [192.203.230.10] ...took 172 ms
Searching for ns1.voxtelecom.net. A record at E.GTLD-SERVERS.net. [192.12.94.30] ...took 19 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 133 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 134 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 136 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 134 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 134 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns1.voxtelecom.net. [66.165.177.121] null
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 134 ms
Searching for 24.179.165.66.in-addr.arpa. PTR record at ns2.voxtelecom.net. [66.165.177.122] ...took 135 ms
 
Old 02-15-2010, 06:05 AM   #15
hostmaster
Member
 
Registered: Feb 2007
Posts: 55

Rep: Reputation: 17
Sorry, I didn't know you were dealing with a subnet. So this is required from your end

That's your named.conf
##############################################
NAMED.CONF
##############################################
zone "0/25.179.165.66.in-addr.arpa" IN {
type master;
file "db.66.165.179";
allow-transfer { 66.165.177.122; };
};
###############################################

means your zone will serve records for 66.165.179.0/25
Subnet ID 66.165.179.0
BroadCast 66.165.179.127
Host Address Range 66.165.179.1 - 66.165.179.126

#################################################
Zone File db.66.165.179
#################################################
$TTL 86400
$ORIGIN 0/25.179.165.66.in-addr.arpa.

@ IN SOA ns1.voxtelecom.net. pfischer.atmit.com. (
2010021501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Name Servers
        IN NS ns1.voxtelecom.net.
        IN NS ns2.voxtelecom.net.

; Public Servers
24 IN PTR scc.netstar-sxm.com.
25 IN PTR one.netstar-sxm.com.
70 IN PTR exchange.sea-grapes.com.
106 IN PTR mail.netstar-sxm.com.
; EOF
#################################################
That's all the configuration required from your end. With reverse Subnet maps all (even local) reverse map queries require to follow the delegation (external) path for the reverse mapped address IN-ADDR.ARPA domain. If this change has not taken place or has not yet propagated you will get errors from 'nslookup' or 'dig' operations. As I have posted before from dnswatch.info your ISP/DNS provider has not properly delegated the zone as all the queries are looping b/w their name servers (ns1.voxtelecom.net and ns2.voxtelecom.net).
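
Added example (not part of the thread and not code from any poster): the "0/25" zone naming used above follows the classless delegation scheme of RFC 2317, and this sketch generates the records the ISP's parent zone 179.165.66.in-addr.arpa would need for that delegation to be followed. The function names are hypothetical; the block and name servers are the ones quoted in the thread.

```python
import ipaddress


def parse_block(block):
    """Parse an IPv4 block smaller than a /24 (this sketch accepts /25 to /30)."""
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or not 25 <= net.prefixlen <= 30:
        raise ValueError(f"{block}: expected an IPv4 /25../30 block")
    return net


def rfc2317_zone_name(block):
    """Child zone name, e.g. 66.165.179.0/25 -> 0/25.179.165.66.in-addr.arpa."""
    net = parse_block(block)
    a, b, c, d = net.network_address.packed
    return f"{d}/{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa."


def parent_zone_records(block, nameservers):
    """Records for the parent /24 zone, relative to its $ORIGIN.

    The parent keeps authority for the ordinary names (24, 25, ...) and
    redirects each one with a CNAME into the delegated child zone.
    """
    net = parse_block(block)
    child = rfc2317_zone_name(block)
    label = child.split(".", 1)[0]          # "0/25"
    records = [f"{label} IN NS {ns}" for ns in nameservers]
    for host in net.hosts():                # skips network and broadcast
        last = host.packed[3]
        records.append(f"{last} IN CNAME {last}.{child}")
    return records


def lookup_chain(ip, block):
    """Names a resolver passes through: the normal PTR name, then the CNAME target."""
    addr = ipaddress.ip_address(ip)
    if addr not in parse_block(block):
        raise ValueError(f"{ip} is outside {block}")
    target = f"{addr.packed[3]}.{rfc2317_zone_name(block)}"
    return (addr.reverse_pointer + ".", target)


if __name__ == "__main__":
    ns = ["ns1.voxtelecom.net.", "ns2.voxtelecom.net."]
    recs = parent_zone_records("66.165.179.0/25", ns)
    print("$ORIGIN 179.165.66.in-addr.arpa.")
    print("\n".join(recs[:5]), "\n; ...", len(recs) - 5, "more CNAME records")
    print(lookup_chain("66.165.179.24", "66.165.179.0/25"))
```

If the parent zone lacks the NS and CNAME records printed here, a query for 24.179.165.66.in-addr.arpa never reaches the child zone, however correct the local named.conf and zone file are.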
 
  

