[afnog] Setting up DNS server for Reverse Delegation

Noa of Ark ncmaina2001 at yahoo.com
Thu Nov 1 08:14:22 UTC 2007


Hey,

Actually it is an upstream Internet provider from Israel. What happened is, they registered the IP subnet that they allocated us in their names with RIPE and then they took control of it. Then they use the same subnet to peer with us, and therefore their authoritative name servers are doing the PTR and A records stuff for us.

I am going to write to them so that they can give me full control of this subnet, then I will reverse delegate it to my name servers.

I like BIND 9 because it has more options, like the one for stopping DNS spoofing via views and refusing reverse recursion of IP addresses that are not from my subnet range. This helps when it comes to protecting against DNS hacking irrespective of putting the DNS server behind a firewall of a DMZ.

Best regards and thanks for your opinions.

-----
Maina Noah

Global One Solution <malabow at gmail.com> wrote:

Great news, that is wonderful. Which ISP is this that is refusing to delegate? Did you try to ask them to swip the block to you, meaning change the owner via the registrar to you? It doesn't make sense. I am new to this forum and do not really understand the policy/process of African ISPs and AfriNIC. By the way, I meant to say BIND, not pine (pine is actually an e-mail system); I'm getting old. Yeah, I used to support BIND 8 back in 2004, before I moved to a more architect position, consulting on WAN/security on Cisco/Juniper gear.

Thanks,

On 11/1/07, Noa of Ark <ncmaina2001 at yahoo.com> wrote:

Hi Liban,

Thanks for all your suggestions.

Actually I finally managed to deal with all these matters. AfriNIC was of great help but my upstream providers were a pain in the ass. They refused to host reverse lookup for the same IP subnet.

When I asked them to reverse delegate the IP block they had allocated me to my DNS servers they refused, but they did accept to create PTR records for only my second name server, which uses an IP from the same block.

I reverse delegated my other IP subnet from AfriNIC though, by creating reverse zone records in both my DNS servers, and all was good.

I am not using pine nor exchange. I am just using BIND 9 on Unix and Linux boxes. I find BIND easier for me to work with because I have been using it for DNS services for some time.

But I will try pine though for the CNAME stuff you are suggesting.

Best regards,

Maina Noah.

Global One Solution <malabow at gmail.com> wrote:

Noa,

If you would like to host the reverse lookup yourself, a few things I would point out:

1- Make sure the IP is swipped to you
2- Ask your ISP to point your IP block to your NS
3- If they don't want to or can't, then ask them to forward your block to your NS, and then you can create the PTR entry.
4- Make them host the reverse lookup
5- I am not sure if you are using pine or exchange, but I know pine is more forgiving, and can use CNAME if the block is not /24

Hope this at least points you in the right direction,



-- 
Liban Mohamed
Global One Solution
 www.globalonesolutions.net

malabow at gmail.com
_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog


     

  A little sleep, a little slumber, a little folding of the hands to rest,  
and poverty will come upon you like a robber,and want, like an armed warrior. 
------------------------------------------------------------------------------------------
  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://afnog.org/pipermail/afnog/attachments/20071101/217deb5d/attachment-0001.html 
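
The thread mentions using CNAME records when the block is not a /24; with BIND this is usually done as RFC 2317 classless reverse delegation. The script below is an added example, not code from anyone in this thread: it generates the records the upstream would place in the parent /24 reverse zone and the PTR records for the customer's own child zone. The prefix 192.0.2.64/26, the name servers and the host names are constructed placeholders.

```python
import ipaddress

def rfc2317_records(prefix, nameservers, hosts):
    """Return (parent_lines, child_lines) for classless reverse delegation.

    prefix      -- IPv4 block smaller than a /24 (assumed example: a /26)
    nameservers -- the customer's authoritative servers (placeholder names)
    hosts       -- {ip: fqdn} for the PTR records served from the child zone
    """
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 delegation applies to IPv4 /25../31 blocks")
    o = net.network_address.packed
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # RFC 2317 label: <first address>/<prefix length>; some sites use "-" instead
    child_zone = f"{o[3]}/{net.prefixlen}.{parent_zone}"

    # Parent zone (held by the upstream): delegate the child label, then
    # alias each usable host address into the delegated child zone.
    parent = [f"$ORIGIN {parent_zone}"]
    parent += [f"{child_zone} IN NS {ns}" for ns in nameservers]
    for addr in net.hosts():
        last = addr.packed[3]
        parent.append(f"{last} IN CNAME {last}.{child_zone}")

    # Child zone (held by the customer): ordinary PTR records.
    child = [f"$ORIGIN {child_zone}"]
    for ip in sorted(hosts, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {net}")
        child.append(f"{addr.packed[3]} IN PTR {hosts[ip]}")
    return parent, child

if __name__ == "__main__":
    # Constructed sample input (documentation address range and names)
    parent, child = rfc2317_records(
        "192.0.2.64/26",
        ["ns1.example.net.", "ns2.example.net."],
        {"192.0.2.66": "mail.example.net.", "192.0.2.65": "ns2.example.net."},
    )
    print("\n".join(parent[:5]), "...", *child, sep="\n")
```

The parent-zone lines still have to be installed by whoever holds the enclosing /24 reverse zone, which is why the upstream's cooperation is required either way.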

