[Techtalk] Reverse DNS confusion
Dushyanth Harinath
dushy at symonds.net
Fri May 24 10:52:18 EST 2002
Hi,
* On 22nd May 2002 01:00:38 PM <raven at oneeyedcrow.net> wrote:
> Heya --
>
> Quoth Dushyanth Harinath (Wed, May 22, 2002 at 11:07:06AM +0530):
> > Ok, So my ISP needs to delegate the zone 192.168.1.32/27 to me. From
> > what I understand they need to put a NS record in their
> > 1.168.192.in-addr.arpa file pointing 32 to my DNS server.
>
[...]
> So basically, there are two things they can do. They can set
> their nameserver to delegate authority for the zone of your IP space to
> your DNS server, or they can set their server to give the responses you
> want when it's queried about those IP addresses. But either way, they
> need a DNS server.
OK, my ISP is in the process of setting up their DNS. So I guess I would
have to wait for some time.
> If you want to avoid this whole hassle, you can petition your
> local registry to allocate an IP block directly to you. (APNIC for you,
> if you're in India. http://www.apnic.net/) Then you own your own IP
> block, and you have the authority for the reverse DNS coming directly to
> you. However, there are drawbacks to this approach too. 1) You have to
> pay APNIC for the use of those IPs. 2) You have to go through their
> procedure to demonstrate a need for those IPs. 3) You have to convince
> your local ISP to route that IP block for you.
This is a long shot, and we don't need that many IPs either. We have 6 IPs and
that's enough for us. And the best way is to ask my ISP to put the reverse
records in their DNS.
[...]
> > Yeah, I know, ISPs are lame here in India, pretty clueless guys and I
> > think they hire their technical staff from zoos :D.
>
> Well, hey, on the plus side there's got to be a job market for
> good techs there. [grin]
Should be, but not good. The management are more clueless than the less
clueless tech guys in some situations :)
> > Yes, I need to do that still, but until now I have been using that only
> > for internal use. I may use djbdns; it's very simple to manage. But it
> > makes snort's portscan plugin go haywire 'cos it opens many unprivileged
> > ports to communicate with other DNS servers. I was surprised to see 2000
> > portscan alerts in just a few minutes of time.
>
> The other thing that's strange about djbdns is if you need it to
> interoperate with BIND in any way. I ran a setup for a while where we
> had a djbdns secondary slaved to a BIND primary -- it took some tweaking
> to get that working properly. DJB seems to assume that his users know
> how to script around any difficulty that they may encounter getting the
> services to run as they'd like. If you do everything the djb way
> (svscan, his tcp toolkit, etc.) it will work, but trying to make it work
> any other way than exactly how he thinks it should be run is...
> challenging at times.
Yes, DJB's stuff is a bit hard to set up the first time, but once set up
and understood, it rocks. I have been using qmail for a long time and
the only thing that's stopping me from using djbdns in my network is
snort.
cheers
dushyanth
--
You have an unusual magnetic personality. Don't walk too close to
metal objects which are not fastened down.
Dushyanth Harinath
http://www.archeanit.com
http://symonds.net/~dushy
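
The two options discussed in this thread for 192.168.1.32/27, written out as the records the ISP would add to its 1.168.192.in-addr.arpa zone. This is an added example, not part of the original messages; the delegation layout follows the RFC 2317 convention (NS for `32/27` plus one CNAME per address), and the name server and host names are constructed placeholders.

```python
import ipaddress

def parent_zone(net):
    # Reverse zone of the enclosing /24, e.g. 1.168.192.in-addr.arpa.
    return net.network_address.reverse_pointer.split(".", 1)[1] + "."

def delegate(block, nameservers):
    """Option 1: the ISP delegates the block to the customer's DNS server
    (RFC 2317 style classless delegation)."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block smaller than a /24")
    origin = parent_zone(net)
    child = f"{int(net.network_address) & 0xFF}/{net.prefixlen}"
    lines = [f"$ORIGIN {origin}"]
    lines += [f"{child} IN NS {ns}" for ns in nameservers]
    # One CNAME per address redirects the ordinary PTR lookup into the
    # child zone, which the customer's server is authoritative for.
    for addr in net:
        last = int(addr) & 0xFF
        lines.append(f"{last} IN CNAME {last}.{child}.{origin}")
    return lines

def serve_directly(block, ptr_map):
    """Option 2: the ISP keeps authority and publishes the PTRs itself."""
    net = ipaddress.ip_network(block)
    lines = [f"$ORIGIN {parent_zone(net)}"]
    by_address = lambda kv: int(ipaddress.ip_address(kv[0]))
    for ip, host in sorted(ptr_map.items(), key=by_address):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {block}")
        lines.append(f"{int(addr) & 0xFF} IN PTR {host}")
    return lines

if __name__ == "__main__":
    # Constructed sample values: name server and host names are placeholders.
    block = "192.168.1.32/27"
    print("\n".join(delegate(block, ["ns1.customer.example."])))
    print("\n".join(serve_directly(block,
                                   {"192.168.1.33": "mail.customer.example."})))
```

With option 1 the customer's server must then serve a zone named `32/27.1.168.192.in-addr.arpa.` containing the actual PTR records.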