Search Again: Re: Secure File download problems... From: Rob Thiemann Date: Thursday, December 9, 1999 Time: 2:41:00 am Hello, At the bottom please find a mail Chris sent to me a few weeks ago. Can you: a) tell me if this has been fixed on my ISP's end? and/or b) tell me where I can look to find out if it's been fixed or not? Thanks, Rob Thiemann >So, in theory, everything should be working, right? Wrong. > >Your ISP has delegated your reverse records like this: > 184.41.201.209.in-addr.arpa. NS alice.netshak.com. > >but you have this: > 41.201.209.in-addr.arpa. NS alice.netshak.com. > >Because of the discrepancy, it is possible that some resolvers would call this a lame delegation. Your ISP has used a solution that is recommended against in the RFC's, though it does work if done right. Unfortunately, what you have isn't right. > >There are two possible solutions (do only *one* of the following): > >o Instead of having one reverse zone for the whole class C subnet (which you don't own anyway), you should have individual files for each address (because each address is delegated individually). Each file would have the following records (the SOA record is the Domain Information dialog): > 184.41.201.209.in-addr.arpa. SOA alice.netshak.com. > rthiemann.netshak.com. > 1999102700 ; serial > 28800 ; refresh (8 hours) > 7200 ; retry (2 hours) > 604800 ; expire (7 days) > 86400 ; minimum (1 day) > 184.41.201.209.in-addr.arpa. NS alice.netshak.com. > 184.41.201.209.in-addr.arpa. PTR pool1.dialin.184.netshak.com. > >o Have your ISP convert to the solution recommended in RFC 2317. This would mean changing their records from this (abbreviated with BIND shorthand): > 128 NS alice.netshak.com. > 129 NS alice.netshak.com. > 130 NS alice.netshak.com. > 131 NS alice.netshak.com. > [...] > >to this: > 128 NS alice.netshak.com. > 129 CNAME 129.128 > 130 CNAME 130.128 > 131 CNAME 131.128 > [...] > >You could then make a very simple change to your existing reverse zone file to make it work. In the Domain Information dialog, you would change the name of the zone from this: > 41.201.209.in-addr.arpa. > >to this: > 128.41.201.209.in-addr.arpa. > >This would change all of the PTR and NS records as well, so that they match up with the records in your ISP's file. > >You might also ask your ISP to add another NS record, for hookah.netshak.com. >____________________________________________________________________ >Chris Buxton cbuxton@menandmice.com >Men & Mice http://www.menandmice.com >Makers of: QuickDNS Pro

Messages In This Thread: Secure File download problems... by Rob Thiemann on Nov 7, 1999 at 2:49:00 am Re: Secure File download problems... by andrew kagan on Nov 7, 1999 at 4:53:00 pm Re: Secure File download problems... by Rob Thiemann on Nov 7, 1999 at 10:58:00 pm Re: Secure File download problems... by Men & Mice Support on Nov 8, 1999 at 1:46:00 am Re: Secure File download problems... by Rob Thiemann on Dec 9, 1999 at 2:41:00 am Re: Secure File download problems... by Men & Mice Support on Dec 9, 1999 at 3:45:00 am Re: Secure File download problems... by Rob Thiemann on Dec 9, 1999 at 4:06:00 am Re: Secure File download problems... by Men & Mice Support on Dec 9, 1999 at 4:23:00 am Re: Secure File download problems... by Men & Mice Support on Dec 9, 1999 at 5:12:00 am