Reverse Delegation - RIPE
Odhiambo Washington
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello List-ers,
I am trying to setup reverse delegation via the RIPE auto-...@ripe.net b=
ut this robot
is revealing some problems that I never was aware existed. Some hawk-eyed p=
al here can help
me with what I need. My domain name is wananchi.com and officially I have T=
WO Name Servers -
ns1.wananchi.com and ns2.wananchi.com. Yes, they are on the same subnet so =
pls ignore that
warning.
What's the issue with the rest of the warnings???
[inc. warnings]
-Wash
S y s t e m s A d m i n i s t r a t o r
--
~\\_ =20
Odhiambo Washington \\\\ =20
Wananchi Online Ltd., `\\\\\ =20
1st Flr Loita Hse, Loita Street |\\\\\ =20
PO Box 10286,00100-NAIROBI,KE. \\\\\|__.--~~\ =20
Fax: 254 2 313985-9 _--~ / =20
Fax: 254 2 313922 /~ ////// _-~~~~' =20
E-mail: wa...@wananchi.com ('-//////-// =20
URL : http://www.wananchi.com //////(((-) =20
GSM: 254 72 743 223 / 254 733 744 121 /////" =20
_///" =20
+++
"The first rule of magic is simple. Don't waste your time waving your
hands and hoping when a rock or a club will do."
-- McCloctnik the Lucid
-- Attached file included as plaintext by Listar --
Subject: Re: X-NCC-RegID:ke.wananchi
From: "Marvin, RIPE NCC Reverse Delegation Robot" <ina...@ripe.net>
To: <muc...@wananchi.com>
Date: Thu, November 8, 2001 6:10 am
Dear Requester,
this is an automatic response from Marvin, the RIPE NCC reverse
delegation robot (v1.23). If you have any problems with this
software, please try the FAQ at
http://www.ripe.net/reverse/faq.html
in the first instance. If this doesn't help, please don't hesitate
to write to the (warm, friendly) humans at <ina...@ripe.net>. Please
include as many details as possible, including the full output that
you received, if possible.
This message concerns your request for delegation of the zone
74.49.212.in-addr.arpa
Summary:
One or more problems were found with the check of the
DNS data associated with your request (see section 1, 'Check
of DNS Setup' directly below). Please fix it/them, if possible,
and resubmit to <auto-...@ripe.net>.
Kind Regards,
Marvin
Reverse Delegation Robot, RIPE NCC
----------------- (1) Check of DNS Setup ----------------
Errors: 2 Warnings: 1 Notes: 1
(44 points)
DNS Check Failed: 20 or more problem points.
*Set Problems*
Errors: 0 Warnings: 0 Notes: 1
(0 points)
Note 1
(0)
The delegated nameservers ns1.wananchi.com (62.8.64.3) and
ns2.wananchi.com (62.8.64.4) *may* be on the same subnet.
Please ignore if this isn't the case.
--> http://www.ripe.net/misc/dc-ext-descr.html#DELEGATED_NS_ON_SAME_SUBNET
*ns2.wananchi.com*
Errors: 1 Warnings: 1 Notes: 0
(24 points)
Error 1
(20)
Couldn't get an SOA record from ns2.wananchi.com
(62.8.64.4).
*Note*: most further checks will not take place for this
nameserver.
--> http://www.ripe.net/misc/dc-ext-descr.html#CANT_LOOKUP_SOA_AT_NS
Warning 1
(4)
None of the PTR records found for 62.8.64.4 mapped back to
ns2.wananchi.com.
--> http://www.ripe.net/misc/dc-ext-descr.html#WRONG_REVERSE_MAPPING
*ns1.wananchi.com*
Errors: 1 Warnings: 0 Notes: 0
(20 points)
Error 1
(20)
Couldn't get an SOA record from ns1.wananchi.com
(62.8.64.3).
*Note*: most further checks will not take place for this
nameserver.
--> http://www.ripe.net/misc/dc-ext-descr.html#CANT_LOOKUP_SOA_AT_NS
------------------- Original Request --------------------
> domain: 74.49.212.in-addr.arpa
> descr: Reverse delegation for Wananchi Online Ltd.
> admin-c: NR1143-RIPE
> tech-c: JM7468-RIPE
> zone-c: JM7468-RIPE
> nserver: ns1.wananchi.com
> nserver: ns2.wananchi.com
> changed: muc...@wananchi.com 20011108
> source: RIPE
>
-- Attached file included as plaintext by Listar --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE76l6Xn7LIsuxjem8RAhVmAKC66LFzYPBkbhZFvQ/rW1fi2METfACgvpF6
Q4mKD0h9vIU5oRgUuzgUM1g=
=PK1q
-----END PGP SIGNATURE-----
Simon Waters
Odhiambo Washington wrote:
>
> This message concerns your request for delegation of the zone
>
> 74.49.212.in-addr.arpa
> Couldn't get an SOA record from ns2.wananchi.com
> (62.8.64.4).
> Warning 1
> (4)
>
> None of the PTR records found for 62.8.64.4 mapped back to
> ns2.wananchi.com.
> Couldn't get an SOA record from ns1.wananchi.com
> (62.8.64.3).
This seems pretty straight forward. You must set up the zone on
the servers before requesting the delegation, neither server is
answering for this reverse zone, so the delegation is refused.
This is probably to ensure that the reverse lookups fail
gracefully. If they delegated it, and you never set up the zone,
or got it wrong, things could get messy. RIPE is obliged to do
it's best to ensure that the reverse DNS is in good order, it
says that in the paper work somewhere.
The reverse lookup of ns2.wananchi.com address is
mail.wananchi.com - since this is a warning I assume you can
ignore it. Although life may be simpler if you keep the
canonical name in agreement with what you tell the registrar.
But it probably requires changing the mail server configuration
to fix it now, so save that one for the long winter nights,
unless it becomes a showstopper.
Odhiambo Washington
|
| Odhiambo Washington wrote:
| >
| > This message concerns your request for delegation of the zone
| >
| > 74.49.212.in-addr.arpa
|
| > (4)
| >
| > None of the PTR records found for 62.8.64.4 mapped back to
| > ns2.wananchi.com.
|
| the servers before requesting the delegation, neither server is
| answering for this reverse zone, so the delegation is refused.
| This is probably to ensure that the reverse lookups fail
| gracefully. If they delegated it, and you never set up the zone,
| or got it wrong, things could get messy. RIPE is obliged to do
| it's best to ensure that the reverse DNS is in good order, it
| says that in the paper work somewhere.
|
| The reverse lookup of ns2.wananchi.com address is
| mail.wananchi.com - since this is a warning I assume you can
| ignore it. Although life may be simpler if you keep the
| canonical name in agreement with what you tell the registrar.
| But it probably requires changing the mail server configuration
| to fix it now, so save that one for the long winter nights,
| unless it becomes a showstopper.
Hello Simon,
What I have done now, after your advise, is to add the following entry
into my named.conf:
zone "0/25.74.49.212.IN-ADDR.ARPA" { type master; file "212.49.74.rev"; };
Since I don't own the whole of 212.49.74.0/24. I own 212.49.74.0/25.
Is my setup correct?
I have done that and created a zone file, like this:
$TTL 172800
@ IN SOA ns1.wananchi.com. hostmaster.wananchi.com. (
2001110802 ; Serial number
172800 ; Refresh every 2 days
3600 ; Retry every hour
1728000 ; Expire every 20 days
172800 ; Minimum 2 days
)
IN NS ns1.wananchi.com.
IN NS ns2.wananchi.com.
1 IN PTR gw.wananchi.com.
2 IN PTR longonot.wananchi.com.
3 IN PTR ns1.wananchi.com.
4 IN PTR ns2.wananchi.com.
5 IN PTR alligator.wananchi.com.
6 IN PTR acr.wananchi.com.
This block was allocated to me by our uplink provider. Unfortunately they are much
worse than I am when it comes to issues like this. In fact I am better I know howto
delegate.
Since this is a /25, I guess there is no chance of achieving the delegation???
TIA
-Wash
S y s t e m s A d m i n i s t r a t o r
--
~\\_
Odhiambo Washington \\\\
Wananchi Online Ltd., `\\\\\
1st Flr Loita Hse, Loita Street |\\\\\
PO Box 10286,00100-NAIROBI,KE. \\\\\|__.--~~\
Fax: 254 2 313985-9 _--~ /
Fax: 254 2 313922 /~ ////// _-~~~~'
E-mail: wa...@wananchi.com ('-//////-//
URL : http://www.wananchi.com //////(((-)
GSM: 254 72 743 223 / 254 733 744 121 /////"
_///"
+++
Bank error in your favor. Collect $200.
-- Attached file included as plaintext by Listar --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE76npSn7LIsuxjem8RAkjVAJ4hECtWldD+mxDtFGFesbzguTjlowCgrfvr
LZjvSOYXRiKHjhZQ4sCHMCo=
=jaIk
-----END PGP SIGNATURE-----
Barry Margolin
Odhiambo Washington <wa...@wananchi.com> wrote:
>Since this is a /25, I guess there is no chance of achieving the delegation???
The delegation should be done by the provider that the /24 was delegated
to, using the technique in RFC 2317.
--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Odhiambo Washington
|
| to, using the technique in RFC 2317.
What about when the provider is so dumb that they don't know what to do? Then
I am sunk???
Kindly do a check from the RIPE database and tell me if I am missiong something.
Thanls in advance.
-Wash
S y s t e m s A d m i n i s t r a t o r
--
~\\_
Odhiambo Washington \\\\
Wananchi Online Ltd., `\\\\\
1st Flr Loita Hse, Loita Street |\\\\\
PO Box 10286,00100-NAIROBI,KE. \\\\\|__.--~~\
Fax: 254 2 313985-9 _--~ /
Fax: 254 2 313922 /~ ////// _-~~~~'
E-mail: wa...@wananchi.com ('-//////-//
URL : http://www.wananchi.com //////(((-)
GSM: 254 72 743 223 / 254 733 744 121 /////"
_///"
+++
Blore's Razor:
Given a choice between two theories, take the one which is
funnier.
-- Attached file included as plaintext by Listar --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE76qtrn7LIsuxjem8RAq+zAKCQHZHcU0PJWXsCZ+wT+yo0hAMF+gCff1Bt
VFgJ2mn84aDv2SeE0VcX6VA=
=27h6
-----END PGP SIGNATURE-----
Michael Kjorling
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Then you switch provider.
You have been assigned a /25 - there is no way you can justify
claiming authority for a /24. And even if you do, you need to set
things up for the entire /24 in that case any not something that
doesn't exist (0/25...in-addr.arpa)
Michael Kjörling
On Nov 8 2001 18:57 +0300, Odhiambo Washington wrote:
> * Barry Margolin <bar...@genuity.net> [20011108 18:23]: writing on the subject 'Re: Reverse Delegation - RIPE'
> | The delegation should be done by the provider that the /24 was delegated
> | to, using the technique in RFC 2317.
>
> What about when the provider is so dumb that they don't know what to do?
- --
Michael Kjörling -- Programmer/Network administrator ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/
Internet: mic...@kjorling.com -- FidoNet: 2:204/254.4
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE76q0NKqN7/Ypw4z4RAnzJAKDRArwTuH+l3o750uuW7Bn4z4q0nQCg3vr2
Bd6qV/uvh9dq7kL9BLCqxGA=
=ZLiS
-----END PGP SIGNATURE-----
Barry Margolin
Odhiambo Washington <wa...@wananchi.com> wrote:
>* Barry Margolin <bar...@genuity.net> [20011108 18:23]: writing on the
>subject 'Re: Reverse Delegation - RIPE'
>| to, using the technique in RFC 2317.
>
>What about when the provider is so dumb that they don't know what to do? Then
>I am sunk???
Send them detailed instructions of what to put in their zone file.
If they can't handle that, then either demand that they assign you an
entire /24 so you can get it delegated from the RIPE servers, or do like
the other poster said: get a new provider who knows what they're doing.