The web Zytrax.com, where I learned about Classless Reverse Map Delegation, says that dig -x <ip address>
isn't supposed to work in this if this method of delegation (using CNAMES) is used.
For Example:
This isn't supposed to work:
dig -x 192.168.23.66
And this is supposed to work:
dig 66.64/27.168.192.IN-ADDR.ARPA
And it does work when I modify it a bit (specify the server where it was delegated to and that I want PTR record):
dig @<name of ns where it was delegted to> PTR 66.64/27.168.192.IN-ADDR.ARPA
It seems to work as described in the tutorial:
I set similar delegation and it behaves as described above: When I use dig -x
with an ip address from the delegated range, the delegating name server tells me who has authority over 66.64/27.168.192.IN-ADDR.ARPA.
The server where the classless network was delegated to works only with the third command (dig @<name of ns where it was delegted to> PTR 66.64/27.168.192.IN-ADDR.ARPA
).
Is it OK and safe?
As it doesn't work with dig -x (or nslookup), I wonder if there are more things that don't work. Can resolvers resolve such IP addresses without issues? For instance, can email servers perform reverse lookup without issues if this method of delegation is used? Are there any reasons why not to use it?
My example (slightly modified):
dig @ns1.example.com -x 192.168.134.1
;; ANSWER SECTION:
1.134.168.192.in-addr.arpa. 60 IN CNAME 1.0-127.134.168.192.in-addr.arpa.
;; AUTHORITY SECTION:
0-127.192.113.134.in-addr.arpa. 10 IN NS ns2.example.com.
dig @ns2.example.com PTR 1.0-127.192.168.134.in-addr.arpa.
;; ANSWER SECTION:
1.0-127.192.168.192.in-addr.arpa. 10 IN PTR 1st_super.example.com.
Why it didn't work
The name of the zone to which I delegated was wrong and as used the wrong name in the second query, I got an answer (the two mistakes partially canceled each other).
Wrong (not reversed):
0-127.192.168.134.in-addr.arpa.
should have been:
0-127.134.168.192.in-addr.arpa.
With this error fixed and with delegating server being slave for the delegated zone, the dig -x <ipaddress>
works.