$ dig -x 80.67.18.126
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19989
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;126.18.67.80.in-addr.arpa. IN PTR
;; ANSWER SECTION:
126.18.67.80.in-addr.arpa. 86400 IN PTR mxlb.ispgateway.de.
The listing shows the PTR lookup for one of the IP addresses of my domain's mail server. dig's -x flag builds, behind the scenes, a query for 126.18.67.80.in-addr.arpa. with resource record type PTR. Equivalently, you can issue 'dig 126.18.67.80.in-addr.arpa. PTR'. As the output above shows, the IP address 80.67.18.126 maps to the hostname mxlb.ispgateway.de. (which in turn maps to 80.67.18.126 when querying for an A RR type).
To provide reverse mappings for a set of assigned IP addresses, there should be a delegation (or referral) from the authoritative entity which assigned the IP addresses. Usually you will want to have CIDR ranges of IPv4 addresses delegated. As an example, let's assume the upstream ISP takes care of the whole /24 network 1.2.3.0/24 (i.e. 1.2.3.0-1.2.3.255) and the subnet IP address range 1.2.3.32/27 (i.e. 1.2.3.32-1.2.3.63) should be delegated from the authoritative (upstream ISP) nameserver A to (your) nameserver B. The following configuration snippets provide an example configuration for BIND and illustrate the required steps.
A needs to be configured to delegate the DNS entries for the IP addresses 1.2.3.32/27 to the nameserver B as follows:
; depending on your style of zone files, you might not have an $ORIGIN in them at all
$ORIGIN 3.2.1.IN-ADDR.ARPA.
@ IN SOA ns1.A.com. dnsadmin.A.com. (
        2011052501 ; serial number
        1h         ; refresh after
        1h         ; retry update after
        2w         ; expire after
        1h )       ; negative caching TTL
        IN NS ns1.A.com.
        IN NS ns2.A.com.
; here go PTR records for the IP address range 1.2.3.0-.31 which is not delegated to B
1 IN PTR some.absolute.hostname.example.com.
...
31 IN PTR note.that.relative.names.dont.make.sense.here.
; here goes the referral for the subnet 1.2.3.32/27 to B's name server(s)
32/27 IN NS ns1.B.com.
32/27 IN NS ns2.B.com. ; in case B has a second NS
; Now comes an important part. The above statements do not suffice to refer queries to B's name server.
; In addition, we also have to define CNAMEs for ALL IP addresses in the subnet and map them to
; the referred domain 32/27.
32 IN CNAME 32.32/27.3.2.1.IN-ADDR.ARPA.
; or alternatively
32 IN CNAME 32.32/27
....
63 IN CNAME 63.32/27 ; keep going from 32 to 63...
; ...or alternatively use the $GENERATE macro of BIND 8.2+
$GENERATE 32-63 $ CNAME $.32/27
Note that we could have chosen ANY arbitrary name instead of 32/27 for the CNAME targets as well as the referral (one could even refer outside the in-addr.arpa tree). However, RFC 2317 recommends the above scheme (for good reason).
On the "target" nameserver B, the zone looks similar to:
$ORIGIN 32/27.3.2.1.IN-ADDR.ARPA.
@ IN SOA ns1.B.com. dnsadmin.B.com. ( ... )
        IN NS ns1.B.com.
        IN NS ns2.B.com.
; provide the PTR mapping for the IP addresses 1.2.3.32-.63 (maybe omit first and
; last as they are network and broadcast addresses).
32 IN PTR some-net.b.example.com.
33 IN PTR host33.b.example.com.
....
62 IN PTR web.example.com.
63 IN PTR host63.example.com.
; alternatively use the $GENERATE macro of BIND 8.2+
$GENERATE 32-63 $ PTR host$.b.example.com.
The configuration of the zone on the nameserver B is something like:
...
zone "32/27.3.2.1.in-addr.arpa" in {
    type master;
    file "data/1.2.3.32_27.reverse.zone";
};
...
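The delegation scheme above, generalized to any IPv4 subnet from /25 to /32 inside a /24, as an added example (not part of the original post and not BIND tooling). The function names are made up for this illustration; the `first-address/prefix-length` label is the naming used in the zone files above.

```python
import ipaddress

def rfc2317_names(cidr):
    """Return (parent_zone, child_label, child_zone) for a subnet longer than /24."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 1.2.3.33/27
    if net.version != 4 or not 25 <= net.prefixlen <= 32:
        raise ValueError("classless delegation applies to IPv4 prefixes /25 to /32")
    o1, o2, o3, o4 = str(net.network_address).split(".")
    parent_zone = f"{o3}.{o2}.{o1}.in-addr.arpa."
    child_label = f"{o4}/{net.prefixlen}"          # e.g. "32/27", as in the zones above
    return parent_zone, child_label, f"{child_label}.{parent_zone}"

def parent_records(cidr, nameservers):
    """Records the upstream (A) adds to its /24 reverse zone, with relative owner names."""
    net = ipaddress.ip_network(cidr, strict=True)
    _, label, _ = rfc2317_names(cidr)
    lines = [f"{label} IN NS {ns}" for ns in nameservers]
    for addr in net:   # every address incl. network and broadcast, like $GENERATE 32-63
        last = int(addr) & 0xFF
        lines.append(f"{last} IN CNAME {last}.{label}")
    return lines

def resolve_ptr_name(ip, cidr):
    """Owner name in B's zone that a PTR lookup for ip reaches after following the CNAME."""
    net = ipaddress.ip_network(cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {cidr}")
    _, _, child_zone = rfc2317_names(cidr)
    return f"{int(addr) & 0xFF}.{child_zone}"

if __name__ == "__main__":
    # Constructed input: the subnet and B's nameservers from the example above.
    print("\n".join(parent_records("1.2.3.32/27", ["ns1.B.com.", "ns2.B.com."])))
```

The name returned by resolve_ptr_name is the one to query directly at B's nameserver when checking the delegation.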
Testing the configuration
Here are some commands using dig in order to test the configuration:
# query one of the PTRs at B's nameserver
dig +norecurse @[nameserver-of-B] 33.32/27.3.2.1.in-addr.arpa PTR
# query A's nameserver for the exact referral
dig +norecurse @[nameserver-of-A] 32/27.3.2.1.in-addr.arpa ANY
# query A's nameserver for one of the PTRs
dig +norecurse @[nameserver-of-A] 33.32/27.3.2.1.in-addr.arpa PTR
dig +norecurse @[nameserver-of-A] 33.3.2.1.in-addr.arpa PTR
# query one of the PTRs starting at the root
dig -x 1.2.3.33
dig +trace -x 1.2.3.33

