From mp at alphacron.de Sat May 15 19:01:22 2004 From: mp at alphacron.de (Marc Pauls) Date: Sat, 15 May 2004 19:01:22 +0200 Subject: [dns-wg] reverse delegation of a /16 doesn't work with new interface Message-ID: <20040515170122.GA19004@pauls.li> Hello, trying to setup a reverse delegation for a /16 (where ns.ripe.net is required) through the new mnt-domains based interface at auto-dbm at ripe.net doesn't seem to work. After trying several times I decided to send the delegation mail to the old auto-inaddr at ripe.net and it worked fine. When creating a new delegation of a /16 I always thought that the mandatory ns.ripe.net becomes a delegated nameserver itself by passing it as one of the nserver: entries in the domain template. e.g: domain: 222.111.in-addr.arpa ... nserver: ns1.customer-ns nserver: ns2.customer-ns nserver: ns.ripe.net ... That always worked with auto-inaddr at ripe.net but doesn't with auto-dbm at ripe.net. The error messages given by the database: ***Warning: (related to ns2.coustomers-ns) The nameserver ns.ripe.net was found listed for the zone at ns2.comstomers-ns (10.10.10.10), but was not one of the delegated nameservers (ns2.customers-ns, ns1.customers-ns). Only the delegated nameservers should be listed anywhere for the zone. ***Warning: (related to set) Only 2 delegated nameserver(s) ns2.customers-ns, ns1.customers-ns. There should be at least 3. ***Warning: (related to set) The RIPE NCC nameserver exactly one was not present in the list of delegated nameservers for this zone (ns.ripe.net). This is required by the RIPE NCC for this type/size of zone. Of course the NS-entries in the zones are all okay and contain ns.ripe.net of course... how I wrote... with auto-inaddr at ripe.net it worked. All in all that means that ns.ripe.net doesn't become authorative itself by passing it to a new /16 delegation through the new interface and so the database returns error messages. kind regards, Marc. From pk at TechFak.Uni-Bielefeld.DE Sun May 16 00:31:09 2004 From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch) Date: Sun, 16 May 2004 00:31:09 +0200 Subject: [dns-wg] reverse delegation of a /16 doesn't work with new interface In-Reply-To: Your message of "Sat, 15 May 2004 19:01:22 +0200." <20040515170122.GA19004@pauls.li> Message-ID: <200405152231.i4FMVAQ21064@grimsvotn.TechFak.Uni-Bielefeld.DE> Hello, setup of ns.ripe.net is supposed to work by sending the domain template to auto-dbm, as long as certain preconditions are met. See for example slide 12 of Olaf's presentation http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-rdns-update.pdf > ***Warning: (related to ns2.coustomers-ns) The nameserver > ns.ripe.net was found listed for the zone at > ns2.comstomers-ns (10.10.10.10), but was not one of > the delegated nameservers (ns2.customers-ns, > ns1.customers-ns). Only the delegated nameservers should > be listed anywhere for the zone. It is difficult, if not impossible, to track down a specific problem if the details come in disguise. In this case it would be interesting to see the SOA RR of the zone in question. -Peter From olaf at ripe.net Mon May 17 10:01:25 2004 From: olaf at ripe.net (Olaf M. Kolkman) Date: Mon, 17 May 2004 10:01:25 +0200 Subject: [dns-wg] reverse delegation of a /16 doesn't work with new interface In-Reply-To: <20040515170122.GA19004@pauls.li> References: <20040515170122.GA19004@pauls.li> Message-ID: <20040517100125.54943557.olaf@ripe.net> Hello Marc, I'm sorry to see you run into problems that you seem not to be able to fix. I'll write you a mail off-list with some trouble shooting tips. As a general comment, relevant to the list. I would like to point out that during the update to the new system we have updated our documentation on reverse delegations and that we appreciate receiving feedback on how to improve that documentation and the error messages. http://www.ripe.net/reverse/ is the "portal" page. http://www.ripe.net/reverse/reverse_howto.html is the page "guiding" one through the setup http://www.ripe.net/cgi-bin/nph-dc.cgi is the "delegation checker" tool which implements most of the DNS checks performed during the DOMAIN update. The e-mail address for user support is -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC