Re: Secure File download problems...

From: Men & Mice Support
Date: Monday, November 8, 1999
Time: 1:46:00 am

At 5:58 PM -0500 11/7/99, Rob Thiemann wrote:
>>Do you have the IP address in your reverse zone? That's usually what this
>>message is asking for.
>
>Yes. As I set them up I checked the create reverse DNS entry setting...

You have the following record:
184.41.201.209.in-addr.arpa. PTR pool1.dialin.184.netshak.com.

and
pool1.dialin.184.netshak.com. A 209.201.41.184

So, in theory, everything should be working, right? Wrong.

Your ISP has delegated your reverse records like this:
184.41.201.209.in-addr.arpa. NS alice.netshak.com.

but you have this:
41.201.209.in-addr.arpa. NS alice.netshak.com.

Because of the discrepancy, it is possible that some resolvers would call this a lame delegation. Your ISP has used a solution that is recommended against in the RFCs, though it does work if done right. Unfortunately, what you have isn't right.

There are two possible solutions (do only *one* of the following):

o Instead of having one reverse zone for the whole class C subnet (which you don't own anyway), you should have individual files for each address (because each address is delegated individually). Each file would have the following records (the SOA record is the Domain Information dialog):
184.41.201.209.in-addr.arpa. SOA alice.netshak.com. rthiemann.netshak.com. (
        1999102700 ; serial
        28800      ; refresh (8 hours)
        7200       ; retry (2 hours)
        604800     ; expire (7 days)
        86400 )    ; minimum (1 day)
184.41.201.209.in-addr.arpa. NS alice.netshak.com.
184.41.201.209.in-addr.arpa. PTR pool1.dialin.184.netshak.com.

o Have your ISP convert to the solution recommended in RFC 2317. This would mean changing their records from this (abbreviated with BIND shorthand):
128 NS alice.netshak.com.
129 NS alice.netshak.com.
130 NS alice.netshak.com.
131 NS alice.netshak.com.
[...]

to this:
128 NS alice.netshak.com.
129 CNAME 129.128
130 CNAME 130.128
131 CNAME 131.128
[...]

You could then make a very simple change to your existing reverse zone file to make it work. In the Domain Information dialog, you would change the name of the zone from this:
41.201.209.in-addr.arpa.

to this:
128.41.201.209.in-addr.arpa.

This would change all of the PTR and NS records as well, so that they match up with the records in your ISP's file.

You might also ask your ISP to add another NS record, for hookah.netshak.com.
____________________________________________________________________
Chris Buxton cbuxton@menandmice.com
Men & Mice http://www.menandmice.com
Makers of: QuickDNS Pro
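
Added example (not part of the original message and not Men & Mice code): a small offline check of the mismatch described above, comparing the name the parent zone delegates with the apex of the child's reverse zone. The record tuples are constructed from the records quoted in the message; the 184 CNAME entry is an assumption that follows the pattern of the abbreviated RFC 2317 listing.

```python
import ipaddress

def reverse_name(ip):
    """in-addr.arpa owner name for an IPv4 address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def delegation_point(parent_records, qname):
    """Follow CNAMEs in the parent zone, then return (final owner name,
    closest enclosing name that has an NS record in the parent)."""
    cname = {o: r for o, t, r in parent_records if t == "CNAME"}
    ns_owners = {o for o, t, _ in parent_records if t == "NS"}
    seen = set()
    while qname in cname and qname not in seen:  # guard against CNAME loops
        seen.add(qname)
        qname = cname[qname]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in ns_owners:
            return qname, candidate
    return qname, None

def check(parent_records, child_apex, ip):
    """The child zone answers authoritatively only if its apex is the
    name the parent actually delegates."""
    owner, cut = delegation_point(parent_records, reverse_name(ip))
    return {"ptr_owner": owner, "delegated_zone": cut, "match": cut == child_apex}

# Constructed sample data based on the records quoted in the message.
IP = "209.201.41.184"
PARENT = "41.201.209.in-addr.arpa."
PER_ADDRESS = [("184." + PARENT, "NS", "alice.netshak.com.")]
RFC2317 = [
    ("128." + PARENT, "NS", "alice.netshak.com."),
    ("184." + PARENT, "CNAME", "184.128." + PARENT),  # assumed from the pattern
]

if __name__ == "__main__":
    cases = [
        ("current setup", PER_ADDRESS, PARENT),
        ("solution 1: per-address zone", PER_ADDRESS, "184." + PARENT),
        ("solution 2: RFC 2317 zone", RFC2317, "128." + PARENT),
    ]
    for label, records, apex in cases:
        print(label, check(records, apex, IP))
```
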


