Forum Discussion

dhsmith_116072's avatar
dhsmith_116072
Icon for Nimbostratus rankNimbostratus
Dec 13, 2013

GTM DNS reverse zone for SUBNET of an IP range - can't create the legal zone name

ISP's can provide a subnetted chunk of addresses and they delegate the reverse lookups (for PTR records necessary for things like mail exchangers to work in the world) with an extended zone name desc...
  • Vernon_97235's avatar
    Vernon_97235
    Dec 18, 2013

    If you look carefully, the error is in the NS record that you attempted to create. I'm guessing you used ZoneRunner to create the zone but didn't terminate the "Name Server" entry with a dot; thus, it wrote it to the zone file in that way (and in BIND zones, without the trailing dot, $ORIGIN is appended). So, you likely entered ns5.example.com and it expanded it to ns5.example.com.128/xxx.xxx.xxx.xxx.in-addr.arpa.

    I was able to create a zone with a slash and populate it with PTR entries:

      dig @10.11.113.200 129.128/26.2.0.192.in-addr.arpa. ptr
 [ ... ]
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19206
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
 [ ... ]
 ;; ANSWER SECTION:
 129.128/26.2.0.192.in-addr.arpa. 86400 IN PTR     host1.B.domain.

 ;; AUTHORITY SECTION:
 128/26.2.0.192.in-addr.arpa. 86400 IN   NS      ns1.f5net.com.

    I needed to rename the db file, changing the slash to something else (I chose a dash), but this doesn't affect the zone definition. This was done on 11.4.1. I mention this because the underlying BIND version varies between BIG-IP software versions. 'check-names', which is throwing your error above, is a BIND application, so depending on your BIG-IP software version, your mileage may vary.

Vernon_97235's avatar
Vernon_97235
Historic F5 Account

If you look carefully, the error is in the NS record that you attempted to create. I'm guessing you used ZoneRunner to create the zone but didn't terminate the "Name Server" entry with a dot; thus, it wrote it to the zone file in that way (and in BIND zones, without the trailing dot, $ORIGIN is appended). So, you likely entered ns5.example.com and it expanded it to ns5.example.com.128/xxx.xxx.xxx.xxx.in-addr.arpa.

I was able to create a zone with a slash and populate it with PTR entries:

  dig @10.11.113.200 129.128/26.2.0.192.in-addr.arpa. ptr
 [ ... ]
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19206
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
 [ ... ]
 ;; ANSWER SECTION:
 129.128/26.2.0.192.in-addr.arpa. 86400 IN PTR     host1.B.domain.

 ;; AUTHORITY SECTION:
 128/26.2.0.192.in-addr.arpa. 86400 IN   NS      ns1.f5net.com.

I needed to rename the db file, changing the slash to something else (I chose a dash), but this doesn't affect the zone definition. This was done on 11.4.1. I mention this because the underlying BIND version varies between BIG-IP software versions. 'check-names', which is throwing your error above, is a BIND application, so depending on your BIG-IP software version, your mileage may vary.

dhsmith_116072's avatar
dhsmith_116072
Icon for Nimbostratus rankNimbostratus
Dec 18, 2013
Ok found the error of my ways... First off we are still on BIG-IP 11.4.0 Build 2405.0 Hotfix HF2 trying to get to 11.4.1.HF1 soon. I had all my dots at the ends. I too chose a dash to replace the slash in the filename. The thing that caused all the fuss was an "@" in the email contact field (understandable typo eh?) changing that to a dot allowed creation of the zone. I deleted it and recreated it with just that one deliberate error, saw error messages, changed it back to a dot and re-created the zone. Thanks for your help!!!