How to do rDNS

NoBaloney2

NoBaloney Internet Svcs.
Joined
Jun 17, 2007
Messages
498
Location
California
Herewith, in response to a question in another thread, is my How-To on installing rDNS within DirectAdmin, for an entire IP delegation. While this example is for a Class C delegation (256 IP#s), it doesn't require much in the way of changes to change the delegation size.

Note that we offer rDNS hosting for other companies; we don't just do t for ourselves, so we've got a more complex setup than this because we host multiply in-addr.arpa zones; this setup is simplified for only one in-addr.arpa zone:

First we set up a manually controlled set of files for BIND:

We create a subdirectory inside of /etc: [/i]/etc/named[/i], chowned named:named and chmodded 755. This directory and any subdirectories will not be touched by DirectAdmin.

Inside that directory we create another subdirectory, /etc/named/us to indicate the in-addr.arpa zone is for us, not for one of our clients for whom we host rDNS. It's chowned and chmodded the same way. (If you want a user with shell access to be able to modify the files without becoming root, you can make that user a member of the named group and chmod 775 instead of 755.)

In the /etc/named directory, in addition to the us directory we also create a file (chmod 644, chown named:named), reverse.named.conf

The reverse named.conf file contains one line for each in-addr.arpa zone (one of ours shown, for our 74.124.205.0/24 delegation):
Code:
zone "205.124.74.in-addr.arpa" { type master; file "/etc/named/us/205.124.74.in-addr.arpa.db"; };
Then in the us subdirectory we create the 205.124.74.in-addr.arpa.db file, chmod 644, chown named:named.

In that line we use a standard header:
Code:
$TTL 600
@       IN      SOA     ns1.ns-one.net. hostmaster.ns-one.net. (
                                        2012013003
                                        10800
                                        3600
                                        904800
                                        600 )
        IN      NS      ns1.ns-one.net.
        IN      NS      ns2.ns-one.net.
Note these values work for us; be sure you understand what you use, and why. Do not use the ns-one.net nameservers; if you do, nothing's going to work; you need to use your own nameservers. I presume you understand how to create a zone file header; others, who don't, may want to hire us to set this up for them; we've been experts in DNS since the 1990s.
Underneath the header we use rDNS records set up this way (these are the first four records in our file; I decline to show others, to preserve our users' privacy, but you can probably find them if you know how to use dig).
Code:
0       IN      PTR     nw101.namelessnet.net.
1       IN      PTR     gw101.namelessnet.net.
2       IN      PTR     ns1.namelessnet.net.
3       IN      PTR     bu1.namelessnet.net.
Note that we assign rDNS for all IP#s in the network; for networks we use the network numbers set up for them in our routers; the first network is defined in our network as nw101. gw101 is the gateway address for nw101, etc. For IP#s not yet assigned we use no101, and for the broadcast address we use bc101, changing the network numbers of course for each network we've built out of the /24.

After this is done, and checked to make sure it's right, we set up the include in /etc/named.conf, to include this /etc/named set in our DNS.

Near the top of /etc/named.conf (we put it right under the rndc.key line):
Code:
include "/etc/rndc.key";
We put in this line directly under the line above:
Code:
include "/etc/named/reverse.named.conf";
Note that this line will not be affected by anything you do with DirectAdmin:

Once you're done with all of the above, you should restart your BIND and then check to make sure it's running, by doing a lookup on one of your regular domains, and then when that works, trying an rDNS lookup.

For example:
Code:
dig -x 74.124.205.95
If everything works except for rDNS, try a trace to find any errors:
Code:
dig -x 74.124.205.95 +trace
Anyone who needs this done and isn't sure of his/her ability, can hire us; contact me by email at the email address in my siglines.

Jeff
 
Top