[technique] reverse DNS

Mathieu Goessens (breizh-entropy) mathieu at breizh-entropy.org
Jeu 6 Aou 20:11:47 CEST 2015 

Bonjour,

Le 2015-08-06 19:57, Emmanuel Courcelle a écrit :
> Bonjour
>  Nous (c-à-d le PIC) avons deux machines chez tetaneutral, or l'une
> d'elles n'est pas inscrite dans le DNS Reverse.
>
>  Il s'agit de picbackup.le-pic.org:
>
>  MANU at TAMAT ~ $ HOST PICBACKUP.LE-PIC.ORG
>  PICBACKUP.LE-PIC.ORG HAS ADDRESS 89.234.156.206
>  PICBACKUP.LE-PIC.ORG HAS IPV6 ADDRESS 2A01:6600:8083:CE00::1
>  MANU at TAMAT ~ $ HOST 89.234.156.206
>  ;; CONNECTION TIMED OUT; NO SERVERS COULD BE REACHED
>  MANU at TAMAT ~ $ HOST 2A01:6600:8083:CE00::1
>  HOST
> 
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.E.C.3.8.0.8.0.0.6.6.1.0.A.2.IP6.ARPA
> NOT FOUND: 2(SERVFAIL)
>
>  C'est un peu ennuyeux car elle nous sert (entre autres) de MX
> secondaire pour les mails... Pourriez-vous remédier à cela  ?
>

On dirait que les reverses ont été délégué à picbackup.tetaneutral.net,
mais qu'il n'y a pas de serveur de nom sur la machine pour y répondre.
Auquel cas, le mieux serait sans doute de mettre un serveur de nom
dessus et créer les deux zones (ainsi peut être que de demander à
tetaneutral.net de rajouter d'autres serveurs de noms pour plus de
redondance, si c'est les reverses sont importants pour votre usage;
http://dns.he.net fournit de très bons secondaires par exemple.)

geb at debian:~$ dig -x 89.234.156.206 +trace

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 89.234.156.206 +trace
;; global options: +cmd
.			146719	IN	NS	b.root-servers.net.
.			146719	IN	NS	i.root-servers.net.
.			146719	IN	NS	d.root-servers.net.
.			146719	IN	NS	e.root-servers.net.
.			146719	IN	NS	k.root-servers.net.
.			146719	IN	NS	j.root-servers.net.
.			146719	IN	NS	l.root-servers.net.
.			146719	IN	NS	h.root-servers.net.
.			146719	IN	NS	f.root-servers.net.
.			146719	IN	NS	g.root-servers.net.
.			146719	IN	NS	a.root-servers.net.
.			146719	IN	NS	c.root-servers.net.
.			146719	IN	NS	m.root-servers.net.
;; Received 496 bytes from 192.44.77.1#53(192.44.77.1) in 11 ms

in-addr.arpa.		172800	IN	NS	b.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	f.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	a.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	d.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	e.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	c.in-addr-servers.arpa.
;; Received 421 bytes from 192.36.148.17#53(192.36.148.17) in 12 ms

89.in-addr.arpa.	86400	IN	NS	ns3.nic.fr.
89.in-addr.arpa.	86400	IN	NS	pri.authdns.ripe.net.
89.in-addr.arpa.	86400	IN	NS	sec1.apnic.net.
89.in-addr.arpa.	86400	IN	NS	sec3.apnic.net.
89.in-addr.arpa.	86400	IN	NS	sns-pb.isc.org.
89.in-addr.arpa.	86400	IN	NS	tinnie.arin.net.
;; Received 204 bytes from 193.0.9.1#53(193.0.9.1) in 124 ms

156.234.89.in-addr.arpa. 172800	IN	NS	ns3.tetaneutral.net.
156.234.89.in-addr.arpa. 172800	IN	NS	ns2.tetaneutral.net.
156.234.89.in-addr.arpa. 172800	IN	NS	ns1.tetaneutral.net.
;; Received 114 bytes from 192.134.0.49#53(192.134.0.49) in 10 ms

206.156.234.89.in-addr.arpa. 7200 IN	NS	picbackup.tetaneutral.net.
;; Received 128 bytes from 91.224.149.253#53(91.224.149.253) in 25 ms

;; connection timed out; no servers could be reached
geb at debian:~$ dig -x 2a01:6600:8083:ce00::1 +trace

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 2a01:6600:8083:ce00::1 +trace
;; global options: +cmd
.			146696	IN	NS	k.root-servers.net.
.			146696	IN	NS	d.root-servers.net.
.			146696	IN	NS	b.root-servers.net.
.			146696	IN	NS	f.root-servers.net.
.			146696	IN	NS	a.root-servers.net.
.			146696	IN	NS	c.root-servers.net.
.			146696	IN	NS	j.root-servers.net.
.			146696	IN	NS	g.root-servers.net.
.			146696	IN	NS	m.root-servers.net.
.			146696	IN	NS	e.root-servers.net.
.			146696	IN	NS	i.root-servers.net.
.			146696	IN	NS	l.root-servers.net.
.			146696	IN	NS	h.root-servers.net.
;; Received 496 bytes from 192.44.77.1#53(192.44.77.1) in 10 ms

ip6.arpa.		172800	IN	NS	f.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	a.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	e.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	b.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	d.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	c.ip6-servers.arpa.
;; Received 462 bytes from 2001:500:2f::f#53(2001:500:2f::f) in 12 ms

0.a.2.ip6.arpa.		86400	IN	NS	tinnie.arin.net.
0.a.2.ip6.arpa.		86400	IN	NS	ns3.nic.fr.
0.a.2.ip6.arpa.		86400	IN	NS	sec1.apnic.net.
0.a.2.ip6.arpa.		86400	IN	NS	sns-pb.isc.org.
0.a.2.ip6.arpa.		86400	IN	NS	sec3.apnic.net.
0.a.2.ip6.arpa.		86400	IN	NS	pri.authdns.ripe.net.
;; Received 246 bytes from 2001:67c:e0::2#53(2001:67c:e0::2) in 20 ms

0.0.6.6.1.0.a.2.ip6.arpa. 172800 IN	NS	ns1.fullsave.com.
0.0.6.6.1.0.a.2.ip6.arpa. 172800 IN	NS	ns2.fullsave.com.
;; Received 138 bytes from 
2001:660:3006:1::1:1#53(2001:660:3006:1::1:1) in 9 ms

3.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 604800 IN NS	ns1.tetaneutral.net.
3.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 604800 IN NS	ns2.tetaneutral.net.
;; Received 141 bytes from 
2a01:6600:1080:1800::1#53(2a01:6600:1080:1800::1) in 30 ms

e.c.3.8.0.8.0.0.6.6.1.0.a.2.ip6.arpa. 86400 IN NS 
picbackup.tetaneutral.net.
;; Received 129 bytes from 89.234.156.248#53(89.234.156.248) in 25 ms

;; connection timed out; no servers could be reached

-- 
Mathieu Goessens
Hackerspace Breizh-Entropy

Plus d'informations sur la liste de diffusion technique