Skip to content
GitLab
Closed
Created by anarcat@anarcatOwner

IPv4 reverse dns broken in gnt-chi

I sent this ticket to cymru:

Hi,

I can't exactly figure out why, but we can't do reverse DNS resolution for our machines in 38.229.82.0/24. Example:

$ host 38.229.82.20
Host 20.82.229.38.in-addr.arpa. not found: 3(NXDOMAIN)

If we ask our DNS servers, they answer correctly:

$ host 38.229.82.20 ns1.torproject.org
Using domain server:
Name: ns1.torproject.org
Address: 38.229.72.12#53
Aliases: 

20.82.229.38.in-addr.arpa domain name pointer tb-tester-01.torproject.org.

It seems the zone is not correctly delegated our way:

$ dig -x 38.229.82.20 +trace

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> -x 38.229.82.20 +trace
;; global options: +cmd
.			12688	IN	NS	b.root-servers.net.
.			12688	IN	NS	j.root-servers.net.
.			12688	IN	NS	k.root-servers.net.
.			12688	IN	NS	a.root-servers.net.
.			12688	IN	NS	h.root-servers.net.
.			12688	IN	NS	d.root-servers.net.
.			12688	IN	NS	e.root-servers.net.
.			12688	IN	NS	c.root-servers.net.
.			12688	IN	NS	i.root-servers.net.
.			12688	IN	NS	g.root-servers.net.
.			12688	IN	NS	m.root-servers.net.
.			12688	IN	NS	f.root-servers.net.
.			12688	IN	NS	l.root-servers.net.
.			12688	IN	RRSIG	NS 8 0 518400 20210216170000 20210203160000 42351 . pmL1poYE09UpdGFi41iFsjgWsxt0k/M+Ks0muX/KyWywCrHqb++EqWal 6K6ss7AFaNQuVwJ6rs49CjTNZJX2uf3etuIgIGJoYeXxBT0h7LhaZ0Jb jSlKYQS6j5QgQ5SkIBCF57V8GoD5J1y3mK1UfT0YN6suDBYHqHsEAenl mXs+fRw6KvcsFZoJkfgG/OCpdeJjlpaWQ01vGvPcYRHllgNJVdyFpH82 UxMErX2XczDu7OrkD45zl3DnpI2lReu+AP5VrPeXYNhpdHnPiaCBLjjl 7qSGRPbvcfQylix/J0oJyygdPFvjlIakHohH60I6fqKGleuYxu6JW8qW RkrFPQ==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

in-addr.arpa.		172800	IN	NS	a.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	b.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	c.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	d.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	e.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	f.in-addr-servers.arpa.
in-addr.arpa.		86400	IN	DS	47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa.		86400	IN	DS	53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa.		86400	IN	DS	63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa.		86400	IN	RRSIG	DS 8 2 86400 20210217120000 20210204110000 41685 arpa. MDiXByrhwnOXvKe/Ktrsonwjb/7lcdCNKGkWf852zDOCRgBFLNUEgLLk +GjSa8qADo0mXwYy30y8ZRgMp8QDGz+WrLvq9UVK+nDe2hcpOO8O/tSo h0J8CWSyXBLi60GkmtZJE4i6bBM+gIFHtKU5E+Tq/CdPvBiSw27EUfQP z3E7aoV3BTH8ZGh3W0nr48W2kvM7j0fVSu9oJHNMrcuKLpDlUxvhFz2o Dz7syc06xZfevniCOsQUDXAcomoDX9D8gZ+F0xtV9dZLV1b0M2vbhWH1 nRF28cPo30OIhC5Ac5afJz/NB8vOVhznacP61WEoWvAwpiiKeLMrdvuK zcGnnQ==
;; Received 866 bytes from 192.203.230.10#53(e.root-servers.net) in 18 ms

38.in-addr.arpa.	86400	IN	NS	auth5.dns.cogentco.com.
38.in-addr.arpa.	86400	IN	NS	auth1.dns.cogentco.com.
38.in-addr.arpa.	86400	IN	NS	auth2.dns.cogentco.com.
38.in-addr.arpa.	86400	IN	NS	auth4.dns.cogentco.com.
38.in-addr.arpa.	3600	IN	NSEC	39.in-addr.arpa. NS RRSIG NSEC
38.in-addr.arpa.	3600	IN	RRSIG	NSEC 8 3 3600 20210215095215 20210125160002 34704 in-addr.arpa. AsmO4cHB6C40pyNu1+WP5XVoJcHCo0HQZPImhmyHrbi/bgYZxpbUT2MF T8BapeNyrmxsFthKeQ+RJiJuxREHNaH3kE7o3zrBZh8R/ygkF46ESVkV aWEs/yrkhSIjw9fZ6B3GR/YuMIpISrlD8zCBSdyu6JCOlVZj5tphxLQG T8Y=
;; Received 402 bytes from 203.119.86.101#53(e.in-addr-servers.arpa) in 151 ms

229.38.in-addr.arpa.	43200	IN	NS	ns2.cymru.com.
229.38.in-addr.arpa.	43200	IN	NS	ns3.cymru.com.
229.38.in-addr.arpa.	43200	IN	NS	ns1.cymru.com.
;; Received 145 bytes from 80.91.64.50#53(auth5.dns.cogentco.com) in 115 ms

82.229.38.in-addr.arpa.	7200	IN	SOA	ns1.cymru.com. noc.cymru.com. 2020110201 21600 3600 604800 7200
;; Received 107 bytes from 38.229.0.47#53(ns2.cymru.com) in 102 ms

Maybe the delegation wasn't correctly setup?

Thanks for looking into this,

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information