>    zone "17.99.209.in-addr.arpa"{
>     type master;
>     file "17.99.209";
>    };
>
>Well this works, it claims authority for the whole 209.99.17.xxx group,
>while I really only have authority over 209.99.17/26.  I have tried
>setting up the zone file 128.17.99.209 and using PTR records, but this
>didn't work.  I think I'm missing something.

Your reverse zone should be named 128/26.17.99.209.in-addr.arpa.  Your
provider must put the following in his 17.99.209.in-addr.arpa zone:

128/26  NS    talus.obi.com.
128     CNAME 128.128/26
129     CNAME 129.128/26
130     CNAME 130.128/26
....
191     CNAME 191.128/26


--------------------------------------------------------------------------------
================================================================================
--------------------------------------------------------------------------------


I guess it's that time of week again.

> Subject: Reverse DNS, IP addr -> name via PTR
> Date: Thu, 5 Aug 1999 13:27:38 -0400 (EDT)
> 
> OK, one more time, since there has been a spate of questions about this
> again ...
> 
> If you have a domain and a set of IP addresses, e.g., foo.com and
> 1.2.3.0/24, then you will not only want to do forward DNS lookups from
> host names to IP addresses, but also reverse DNS lookups from the host
> names to the IP addresses.  This does NOT happen automatically!
> Instead, you have to construct a separate reverse DNS zone whose name
> is based on the portion of the network that you own.  [I'll mention
> what to do if you don't own the whole network portion, later.]
> 
> There is nothing magic about a reverse DNS zone.  By convention, it is
> based on the "in-addr.arpa" domain.  Its name is constructed on the
> REVERSED IP address of the network - in this case, 3.2.1.in-addr.arpa.
> In all ways, it is a regular domain - its parent domain, e.g., is
> 2.1.in-addr.arpa - we'll get to why that's important in a minute.
> 
> In the named.boot or named.conf, on your master [primary] name server,
> you associate the name of the domain/zone with the name of some file
> that contains the zone information.  In this zone file, you will have,
> as always:
> 
> 	$TTL	nnnnnnn
> 	@	IN  SOA	...
> 		IN  NS	ns.foo.com.
> 
> and then you must put your pointers from the host numbers back to the
> names, e.g.:
>
> 	1	IN  PTR		router.foo.com.
> 	2	IN  PTR		firewall.foo.com.
> 	3	IN  PTR		host.foo.com.
> 	...
> 	42	IN  PTR		answer.foo.com.
> 	...
> 
> Now, giving your local name server all of this information, it will
> return any reverse-DNS query with the proper information.  E.g.,
> queries of the form:
> 
> 	nslookup  1.2.3.42    ns.foo.com
> 	nslookup  -type=ptr  42.3.2.1.in-addr.arpa   ns.foo.com
> 	dig   @ns.foo.com   42.3.2.1.in-addr.arpa  ptr
> 
> will return the host name as part of the answer.
> 
> Internally to your network, if you have configured your /etc/resolv.conf
> file to point to ns.foo.com's IP address, then you don't even have to
> tell it to ask ns.foo.com.  Queries will automatically go to that name
> server.
> 
> EXTERNALLY to your network, it's a different story.  If you want
> others to also see your reverse DNS [and you usually do], you need to
> get the co-operation of whoever owns your reverse DNS parent domain,
> 2.1.in-addr.arpa.  They must list "3" as a subdomain of their domain,
> with an NS record in their zone file pointing to your name server.
> Then someone asking from the outside about 42.3.2.1.in-addr.arpa will
> be able to go to the root server, find out who owns 1.in-addr.arpa, and
> from them who owns 2.1.in-addr.arpa, and from them who your name server
> is ... and thence get the name.  Just exactly as in forward DNS lookups.
> 
> NOW, if your network does not break at an octet boundary, you must look
> at RFC 2317, which has a trick to create a subnetwork that includes
> your network name and bitsize, and then have your hosts' IP addresses
> be names off that network.  You can use the trick detailed in RFC 2317
> or one like it.  Believe me, it works.  But you need the co-operation
> of the owner of your parent network.
> 
> If you only have a few IP addresses, or you have IP addresses from
> different networks, you will probably want to just leave forward and
> reverse DNS entries to the owners of those networks.  Again, they have
> to be willing.
> 
> Fair 'nuff?
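
The RFC 2317 delegation from both messages above (the 128/26 records in the first reply and the non-octet-boundary paragraph in the repost), as an added example that is not part of either original post. It generates the records the provider must add and shows where a PTR record ends up; the function names are hypothetical, and the network and name server are the ones quoted above.

```python
import ipaddress

def rfc2317_delegation(cidr, nameservers):
    """Return (child_zone, parent_zone, parent_records) for a sub-/24 IPv4 block.

    Hypothetical helper for illustration; not part of BIND or any library.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("classless delegation here covers IPv4 /25 through /31")
    o = str(net.network_address).split(".")
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    label = f"{o[3]}/{net.prefixlen}"            # e.g. "128/26"
    child_zone = f"{label}.{parent_zone}"
    # Records that go into the PARENT zone (the provider's /24 reverse zone).
    records = [f"{label}\tNS\t{ns}" for ns in nameservers]
    for addr in net:                             # every address, 128..191 for a /26
        last = str(addr).split(".")[3]
        records.append(f"{last}\tCNAME\t{last}.{label}")
    return child_zone, parent_zone, records

def ptr_owner(ip, cidr):
    """Name that must hold the PTR record for ip once the CNAME is followed."""
    net = ipaddress.ip_network(cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        # The child zone has no authority here; answering would over-claim
        # the parent's address space, as the whole-/24 zone in the question did.
        raise ValueError(f"{ip} is outside {cidr}")
    child_zone, _, _ = rfc2317_delegation(cidr, [])
    return f"{str(addr).split('.')[3]}.{child_zone}"

if __name__ == "__main__":
    child, parent, recs = rfc2317_delegation("209.99.17.128/26", ["talus.obi.com."])
    print(f"; add to {parent}")
    print("\n".join(recs))
    print(f"; customer serves zone {child}")
    print(ptr_owner("209.99.17.150", "209.99.17.128/26"))
```

In the child zone, the PTR records are then written with the last octet as the owner name, exactly as in an ordinary reverse zone file.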