IPv4 reverse dns broken in gnt-chi
I sent this ticket to cymru:
Hi,
I can't exactly figure out why, but we can't do reverse DNS resolution for our machines in 38.229.82.0/24. Example:
$ host 38.229.82.20 Host 20.82.229.38.in-addr.arpa. not found: 3(NXDOMAIN)
If we ask our DNS servers, they answer correctly:
$ host 38.229.82.20 ns1.torproject.org Using domain server: Name: ns1.torproject.org Address: 38.229.72.12#53 Aliases: 20.82.229.38.in-addr.arpa domain name pointer tb-tester-01.torproject.org.
It seems the zone is not correctly delegated our way:
$ dig -x 38.229.82.20 +trace ; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> -x 38.229.82.20 +trace ;; global options: +cmd . 12688 IN NS b.root-servers.net. . 12688 IN NS j.root-servers.net. . 12688 IN NS k.root-servers.net. . 12688 IN NS a.root-servers.net. . 12688 IN NS h.root-servers.net. . 12688 IN NS d.root-servers.net. . 12688 IN NS e.root-servers.net. . 12688 IN NS c.root-servers.net. . 12688 IN NS i.root-servers.net. . 12688 IN NS g.root-servers.net. . 12688 IN NS m.root-servers.net. . 12688 IN NS f.root-servers.net. . 12688 IN NS l.root-servers.net. . 12688 IN RRSIG NS 8 0 518400 20210216170000 20210203160000 42351 . pmL1poYE09UpdGFi41iFsjgWsxt0k/M+Ks0muX/KyWywCrHqb++EqWal 6K6ss7AFaNQuVwJ6rs49CjTNZJX2uf3etuIgIGJoYeXxBT0h7LhaZ0Jb jSlKYQS6j5QgQ5SkIBCF57V8GoD5J1y3mK1UfT0YN6suDBYHqHsEAenl mXs+fRw6KvcsFZoJkfgG/OCpdeJjlpaWQ01vGvPcYRHllgNJVdyFpH82 UxMErX2XczDu7OrkD45zl3DnpI2lReu+AP5VrPeXYNhpdHnPiaCBLjjl 7qSGRPbvcfQylix/J0oJyygdPFvjlIakHohH60I6fqKGleuYxu6JW8qW RkrFPQ== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa. in-addr.arpa. 86400 IN DS 47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2 in-addr.arpa. 86400 IN DS 53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF in-addr.arpa. 86400 IN DS 63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73 in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20210217120000 20210204110000 41685 arpa. MDiXByrhwnOXvKe/Ktrsonwjb/7lcdCNKGkWf852zDOCRgBFLNUEgLLk +GjSa8qADo0mXwYy30y8ZRgMp8QDGz+WrLvq9UVK+nDe2hcpOO8O/tSo h0J8CWSyXBLi60GkmtZJE4i6bBM+gIFHtKU5E+Tq/CdPvBiSw27EUfQP z3E7aoV3BTH8ZGh3W0nr48W2kvM7j0fVSu9oJHNMrcuKLpDlUxvhFz2o Dz7syc06xZfevniCOsQUDXAcomoDX9D8gZ+F0xtV9dZLV1b0M2vbhWH1 nRF28cPo30OIhC5Ac5afJz/NB8vOVhznacP61WEoWvAwpiiKeLMrdvuK zcGnnQ== ;; Received 866 bytes from 192.203.230.10#53(e.root-servers.net) in 18 ms 38.in-addr.arpa. 86400 IN NS auth5.dns.cogentco.com. 38.in-addr.arpa. 86400 IN NS auth1.dns.cogentco.com. 38.in-addr.arpa. 86400 IN NS auth2.dns.cogentco.com. 38.in-addr.arpa. 86400 IN NS auth4.dns.cogentco.com. 38.in-addr.arpa. 3600 IN NSEC 39.in-addr.arpa. NS RRSIG NSEC 38.in-addr.arpa. 3600 IN RRSIG NSEC 8 3 3600 20210215095215 20210125160002 34704 in-addr.arpa. AsmO4cHB6C40pyNu1+WP5XVoJcHCo0HQZPImhmyHrbi/bgYZxpbUT2MF T8BapeNyrmxsFthKeQ+RJiJuxREHNaH3kE7o3zrBZh8R/ygkF46ESVkV aWEs/yrkhSIjw9fZ6B3GR/YuMIpISrlD8zCBSdyu6JCOlVZj5tphxLQG T8Y= ;; Received 402 bytes from 203.119.86.101#53(e.in-addr-servers.arpa) in 151 ms 229.38.in-addr.arpa. 43200 IN NS ns2.cymru.com. 229.38.in-addr.arpa. 43200 IN NS ns3.cymru.com. 229.38.in-addr.arpa. 43200 IN NS ns1.cymru.com. ;; Received 145 bytes from 80.91.64.50#53(auth5.dns.cogentco.com) in 115 ms 82.229.38.in-addr.arpa. 7200 IN SOA ns1.cymru.com. noc.cymru.com. 2020110201 21600 3600 604800 7200 ;; Received 107 bytes from 38.229.0.47#53(ns2.cymru.com) in 102 ms
Maybe the delegation wasn't correctly setup?
Thanks for looking into this,