Reverse DNS how?!?!?

You should have only one reverse record per IP#.

While the protocol allows for multiple reverse records per IP, some programs don't know how to handle them.

They won't just "work" intelligently as you'd expect. Whoever looks up the IP# using either dig or nslookup will see either a list of all or some of the reverse resolutions, or get an error, depending on how the resolver s/he's using works.

And unless you've got an entire C-class or a reasonably sized delegated subnet, you can do reverse DNS all you want, but the Internet at large won't see your records anyway, because most upstreams won't delegate the authority to you.

Jeff
 
Jeff,

Does that mean I only need to create PTRs for those clients who have dedicated IPs, and that those who use the server's shared IPs don't need PTRs as long as the server's shared IPs have associated PTRs, right?

Thanks,
Ben
 
Ok, are there two schools of thoughts here, or am I missing something?

Can the reverse DNS be set up entirely through DA, or do files need to be edited? (My service supplier has submitted an rDNS request for me, so I'm just waiting for propagation.)

Cheers,
C.
 
No. Thanks for the link! So to sum it up:

For my domain dot2me.com at IP 64.92.163.250, I would do the following:

i. Add a domain through DA called
250.163.92.in-addr.arpa

ii. Set the PTR for that to dot2me.com

iii. Delete all other records except
NS1 ns1.dot2me.com
NS2 ns2.dot2me.com

iv. Log in as root, ee /etc/namedb/named.conf and /var/named/hostname.db, and add these: http://help.directadmin.com/item.php?id=21

If that is correct, then what do I do to set up a reverse lookup for my mail? It's on the same IP. Should I start from # ii above and just add PTR mail.dot2me.com and add this too to the files in # iv?

C.
 
Charliez,

What I did was create a PTR for my server IP after following the instructions on that link, and it now resolves correctly for my domain (of course my mail server too). Also, it resolves for my clients who use the shared IP addresses as well.

You can test it by going to www.dnsstuff.com and use the Reverse DNS tool.

However, it can't resolve for those who have dedicated IPs so what I'm going to do is have ISP delegate rDNS for those dedicated IP clients. If it works for my main domain I don't see any reason why it doesn't work for my dedicated IP clients. I'll let you know.

Everyone, please point me to the right direction if what I said is wrong. I'm a newbie too.

Many thanks.
 
anewbie2 said:
> You can test it by going to www.dnsstuff.com and use the Reverse DNS tool.
Not unless you tell us your domain name.
> However, it can't resolve for those who have dedicated IPs so what I'm going to do is have ISP delegate rDNS for those dedicated IP clients. If it works for my main domain I don't see any reason why it doesn't work for my dedicated IP clients. I'll let you know.
It's extremely unlikely that your upstream would have authorized reverse DNS for you for one IP# and not the others; my guess is your upstream is authoritative for all but only doing rDNS for the main IP#.
> Everyone, please point me to the right direction if what I said is wrong. I'm a newbie too.
If you post your IP#s we can check rDNS for you and tell you which nameserver is authoritative for it.

Jeff
 
That is correct. It's perhaps a bit oversimplified, but it does work for sites created entirely in, and managed entirely in, DA.

Jeff
 
Thanks all for your replies! Most appreciated.

I'm a little curious about one small thing. I asked my service supplier to authorize the reverse DNS for me. Now, without (yet) changing anything in DA, all reverse lookups seem to work.

I presume it is just seemingly functional, and I'll add the PTR and do the other changes on the server later tonight. But is that normal behaviour? Just trying to figure out how things work. I mean:

http://www.dnsstuff.com/tools/ptr.ch?ip=dot2me.com
http://www.dnsreport.com/tools/dnsreport.ch?domain=dot2me.com

"The IPs of all of your mail server(s) have reverse DNS (PTR) entries"

Just curious as to why this is possible before I have started changing anything on the server.

Cheers,
C.
 
Reverse lookup takes place by getting the name on the IP. This will be checked at your ISP, not through DNS. So if your ISP has set the [name] to the IP it's fine, as long as the [name] resolves to that IP.
 
Huh? Most of this may be passing, whooom, right over my head, but I still keep on learning.

So I don't actually need to set up the server to respond to the lookup in any way? Not like a normal domain setup?
 
Ok I'll try to explain how I did it :P

I requested a reverse IP lookup on one of my server's IPs: 10.0.0.0 to look up to: server01.fusion-ict.nl

On my server I've added an A record server01.fusion-ict.nl to the IP.

And that was it. Since then it always worked like a charm. Nothing fuzzy etc.

Why I needed reverse lookup: Some of my users have another reseller account with another hosting company. This company checks the mail it receives and does a reverse lookup to check if it is really who it says it is. My mail server responds like: server01.fusion-ict.nl and this server checks the IP to see if it resolves to this address.

NSLOOKUP/DIG all work just fine with it. So why do more if it isn't needed.
 
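As an added example (not code posted by anyone in this thread), the following Python puts the two mechanisms discussed above into runnable form: how the PTR owner name and the delegatable in-addr.arpa zone are derived from an address such as 64.92.163.250 (all four octets are reversed, so the /24 zone is 163.92.64.in-addr.arpa and the PTR lives at 250.163.92.64.in-addr.arpa, which is also why nothing shorter than a /24 can be delegated with plain NS records), and the forward-confirmed reverse DNS check that the receiving mail server in fusionictnl's post performs. It also tolerates the multiple-PTR case Jeff warns about, by confirming each name independently. The DNS data is a constructed in-memory table standing in for live lookups; the example.net hosts are invented.

```python
import ipaddress

# Constructed stand-in for the live DNS tree (not a real lookup). The dot2me.com
# entries use the thread's own IP and names; the example.net hosts are invented.
SAMPLE_PTR = {
    "64.92.163.250": ["dot2me.com.", "mail.dot2me.com."],  # two PTRs on one IP
    "192.0.2.10": ["server01.example.net."],               # hypothetical, confirmed
    "192.0.2.11": ["ghost.example.net."],                  # hypothetical, no A back
}
SAMPLE_A = {
    "dot2me.com.": ["64.92.163.250"],
    "mail.dot2me.com.": ["64.92.163.250"],
    "server01.example.net.": ["192.0.2.10"],
}


def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for an address: octets reversed under
    in-addr.arpa for IPv4, nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(network: str) -> str:
    """Zone an upstream can delegate with NS records for a prefix on an octet
    boundary (/8, /16, /24). Longer prefixes have no such zone: the upstream
    either keeps authority or uses RFC 2317 classless delegation."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map to a plain in-addr.arpa zone")
    kept = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:kept]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def fcrdns(ip: str, ptr=SAMPLE_PTR, a=SAMPLE_A) -> list:
    """Forward-confirmed reverse DNS: return the PTR names for ip whose own
    A record points back at ip. A receiving mail server of the kind described
    in the thread accepts the sender when this list is non-empty; a PTR that
    does not resolve back (or resolves elsewhere) is not counted."""
    confirmed = []
    for name in ptr.get(ip, []):
        if ip in a.get(name, []):
            confirmed.append(name)
    return confirmed


if __name__ == "__main__":
    ip = "64.92.163.250"
    print("PTR owner :", ptr_owner(ip))
    print("/24 zone  :", reverse_zone("64.92.163.0/24"))
    for addr in SAMPLE_PTR:
        print(addr, "FCrDNS ->", fcrdns(addr) or "FAIL")
```

Against the live tree the same two questions are `dig -x 64.92.163.250` (which queries 250.163.92.64.in-addr.arpa for you) followed by `dig +short A <name>` for each name returned; `dig NS 163.92.64.in-addr.arpa` shows who is authoritative for the /24, which is the check Jeff offers to run.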
Wow. I feel like when I was working my way through the 172-page Bose surround system manual, and my wife just came along and clicked "power" and the damn thing worked.
 
fusionictnl has explained more succinctly than I ever did how to set up reverse DNS if your upstream (he called it the ISP) keeps DNS authority for themselves. In that case your server will never get a DNS request.

However if your upstream has given DNS authority to you (either because it's their policy or you've asked them to) then you need to do it on your nameserver(s).

Thanks, fusionictnl, for making it so much clearer than I did.

Jeff
 
Well, the good thing is that I learned a lot. I wouldn't have if I hadn't missed the important difference between situations where the upstream delegates DNS authority and where they keep DNS authority to themselves.

Thanks to all!

Cheers,
Charlie.
 
That DA help page is quite simplified, and in fact won't work in many situations.

Did your upstream delegate authority to you?

If so, with what zone name?

If you give us the real zone and domain information someone may be able to help you.

Jeff
 
I'm not authorised to give all the info about the domain; I'm only on a support team.
Just tell me how for example.com.
 
If I took the time to trace example.com through the DNS hierarchy the resulting information wouldn't help you at all.

Anyone who thinks hiding domain information helps security in any way is sadly mistaken. The information in DNS is not only public, it's important that it be public or the Internet wouldn't work.

For more information, check this.

Jeff
 