CODEWITHSUNDEEP
dns
Ruth Shortall
Ruth Shortall

Reputation: 21

Faulty DNS setup of domain

I received the following from my domain registry in Iceland:

The setup of zone gsap.is on its nameservers appears not to be according to ISNIC's reqirements for .IS delegations.

ask your hosting provider to add a PTR record for the nameserver:

4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.1.8.8.c.f.7.0.6.2.ip6.arpa. IN PTR A.NS.ZERIGO.NET.

Can you please tell me if you can help me with this?

Upvotes: 1

Views: 227

Answers (2)

EDP
EDP

Reputation: 319

Some cTLD registries are pushing the limit on zone structure regulations. I'm a big fan of this, however in many cases the local registries are merely trying to clean up their own street-front in a big city where all other neighbors are freely emptying their trashcans on the same street.

It's highly unusual however that local registries also enforce RFC's on ipv6. In the case you don't need ipv6 resolution you probably can fix this by just removing your AAAA records.

Obviously if you need ipv6 you shouldn't follow my advice, but submit to your local registry demands.

Upvotes: -1

Celada
Celada

Reputation: 22251

They want your DNS server to have reverse mappings in the DNS pointing from its IP addresses back to its name. That is an unusual requirement, yet that's what they want to see.

Your name server has two IP addresses: 64.27.57.11 and 2607:fc88:1001:1::4.

The reverse mapping for 64.27.57.11 exists and points back to the correct name:

dig -x 64.27.57.11

(...)

;; ANSWER SECTION:
11.57.27.64.in-addr.arpa. 740   IN      PTR     a.ns.zerigo.net.

But the reverse mapping for 2607:fc88:1001:1::4 does not exist:

dig -x 2607:fc88:1001:1::4

; <<>> DiG 9.4.3-P3 <<>> -x 2607:fc88:1001:1::4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19793
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.1.8.8.c.f.7.0.6.2.ip6.arpa. IN PTR

(note NXDOMAIN.)

I see that the reverse zone for the 2607:fc88::/32 prefix is hosted on nameservers ns1.wehostwebsites.com and ns2.wehostwebsites.com. You need to either:

  • Insert the reverse mapping into the zone file for this IP address block on the above nameservers. You would probably do this if 2607:fc88::/32 is your IP address block.
  • Get a smaller block like 2607:fc88:1001::/48 delegated to your nameservers, set them up to serve the reverse zone (1.0.0.1.8.8.c.f.7.0.6.2.ip6.arpa), and insert the reverse mapping for your nameserver into that zone. You would probably choose this option if you aren't responsible for the whole 2607:fc88::/32 block.

Either way, the reverse entry should be this one:

4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.1.8.8.c.f.7.0.6.2.ip6.arpa.   IN   PTR a.ns.zerigo.net.

Upvotes: 2

Related Questions