DNS delegation

Thank you for your reply. To cater this what should i do.
What should i ask the ISP2 to do so that there will be no problem with the reverse lookup.

Ask ISP2 to be sure that your assigned ip (static ip) has a valid reverse lookup.

Yes I do have static IP address.

But to have valid reverse lookup what exactlty has to be done in ISP2.

The domain is reserved with the ISP1 which will not change. Only the network is getting changed now.
Pls let us know what exactly to be done in ISP2 to make the reverse dns lookup to work.
Is there any changes to be done in ISP1 also....

No change is needed for ISP1.

You'll have to talk with ISP2 support department to determine if your static IP has a valid reverse lookup.  Various ISPs handle this issue differently.  They may have a tool for you to use, or they may require you to configure a dns server to receive deligated lookups.

thank you ..
I felt the same. It means in my dns server i need to configure delegation.

Could you please expalin in detail what exact change i need to do in my dns for the delegation.
I am not expecting syntax or command but to understand what i need to do for making the delegation to work,

Sorry i am new to this......

> I felt the same. It means in my dns server i need to configure delegation.

I don't believe that to be the case. A delegation allows you to assign responsibility for a (DNS) sub-domain to a different set of servers.

When you registered your domain (depending on how you did that) you will have given two Name Server IP Addresses to the registrar. Those are used to create a delegation from the Top Level Domain servers (e.g. .com) to those who answer for your own domain. You would only modify the existing delegation or create another delegation if you were:

a. Moving the DNS servers to a new host (moving domain.com elsewhere)
b. Creating a sub-domain (e.g. sub.domain.com) which you wanted to host on different DNS servers

If you're maintaining your current DNS hosting then no changes to DNS, except for the MX record, are necessary.

The Reverse Lookup Zone isn't something you can control, you won't own the IP address range used by your new host.

So, what you need is:

1. To change the MX record, or the A record for your mail server so it reflects the new IP address
2. To request that your new host add a PTR record (Reverse Lookup) for your new IP address pointing back at the name of your mail server

Chris

I got the information from my 2nd ISP that i need to setup reverse lookup at our side & the ISP 2 will do the delegation.

It matches your answer.

Can you guide me how exaclty i need to configure my DNS server for the reverse lookup with my new ISP ?

What DNS software are you running?

In general terms you need to:

1. Create a Reverse Lookup Zone
2. Add PTR records for any hosts

That's very brief and vague though because this also depends on how ISP 2 delegate the zone to you. There are two types of delegation for reverse lookup zones Classful and Classless.

For Classful delegation you would create a zone like 3.2.1.in-addr.arpa for the network range 1.2.3.x. Classless delegation is used when you don't own the entire classful block (255.255.255.0, 255.255.0.0 or 255.0.0.0) and goes like this:

ISP 2 have:  3.2.1.in-addr.arpa

Individual IP addresses are delegated like this:

4.3.2.1.in-addr.arpa.  IN CNAME  4.1-28.3.2.1.in-addr.arpa.

Then your own server would host this zone "1-28.3.2.1.in-addr.arpa" which would finally contain the PTR record:

4.1-28.3.2.1.in-addr.arpa. IN PTR host.domain.com.

Have they told you what they're going to delegate yet?

Chris

I am running BIND. I will check with my ISP regarding how they are going to delegate it & will get bak to you......

Okay. Yell if you need help with the configuration or the zone itself :)

Chris

Chris - Would like to know the following things.

As I have mentioned I am installing a new DNS servers under ISP2.
Apart from mail there are other services like websites published under ISP1 with their networks.
DNS functionality includes publishing of the A record , MX record , SOA & NS record for our websites.

Take for example I have the following A record -> www.abc.com <--> 1.1.1.1 from ISP1
This is configured on DNS server which is under the ISP1.

While moving to the new DNS server which is under the 2nd ISP IP network  my A record will remain the same but the only thing is it will be published under the DNS server which will be under ISP2 network.
Let me know whether this will work or not ?

Yes it will, that sounds absolutely fine.

Chris

So in case of only MX record change i need to do the delegation.

My domain name is registered under the ISP1. Can I maintain the same or should i shift the domain registration to my 2nd ISP.

If ISP2 is taking over DNS for the domain then you just need to reinstate the MX record at ISP2. The MX record can point to any mail server, either at ISP1 or ISP2 (or elsewhere).

Chris

Hi Chris - Still I have few confusion regarding this.

I am not able to really get the point why i should do the following.....

2. To request that your new host add a PTR record (Reverse Lookup) for your new IP address pointing back at the name of your mail server

Hi Chris

I got further information regarding this.
My ISP1 DNS server is configured to do the reverse dns lookup for my mail domains.
But when i tried the same on my DNS server the query request got refused. So it means I need to configure my DNS server to perform the reverse dns lookup.

My query is since my DNS server is not configured for the reverse DNS lookup how it was working fine till now. Will my ISP DNS server will be taking care of all the reverse DNS lookup . If so how ?

Did you ever find out how ISP2 are going to delegate it to you? Or are they going to maintain it themselves?

Chris

I have escalated to them but not got the feedback. Waiting for it.

You can see where responsibility lies at the moment with NsLookup.

If your public IP Address was 1.2.3.4 then this query would show you who is responsible:

nslookup -q=ns 3.2.1.in-addr.arpa

If there's no response for that, try:

nslookup -q=ns 2.1.in-addr.arpa

Otherwise, grab Dig (there's a Windows version here: http://members.shaw.ca/nicholas.fong/dig/

Then you can run:

dig 4.3.2.1.in-addr.arpa ptr +trace

Which will show you the full resolution path.

Chris

I tried the NS lookup on my ISP DNS server & it returned the required lookup.

But when i did the same in my DNS server it replied that Query refused.

Does your DNS server allow recursive queries? If it doesn't then it would explain why it's refused. It would also suggest that there's no problem (as such).

Chris

mine is not recursive.

Then Query Refused is understandable, you'll only give answers for zones you host directly.

Chris

so in this case if i configure for PTR in my DNS server will it allow to reverse lookup..

Either you must be authoritative for the reverse lookup zone, or you must allow recursive name resolution.

Do note that while you may not be able to use your own DNS server to resolve the address (because it's refusing recursion) any DNS that permits recursion will be able to. If I were to ask for your PTR record I would not need to talk to your own DNS server unless you have authority delegated to you for the (reverse lookup) zone. I would only need your DNS server for forward lookup.

Chris

Chris - I have attached the diagram for reference. In the diagram its mentioned about my current mail flow & the proposed mail flow. The Mail severs mentioned are managed by us,.We also purchased the secondary DNS server services from ISP1.
We ae now shifting the traffic to ISP2. So my ISP 1 suggested to make the reverse dns lookup at our DNS server which is currently not configured & also ISP2 should be configured for delegation.

PLease let me know if this is right.

I think you're better thinking of the name resolution paths for arpa.

Lets make up two IP blocks for this, 1.2.x.x (2.1.in-addr.arpa) for ISP1 and 3.2.x.x (3.2.in-addr.arpa) for ISP2. We'll say that 1.2.1.x and 3.2.1.x are the IP blocks you use for the purposes of illustration. This is the approximate delegation structure:


                               Root DNS Servers (a to m.root-servers.net)
                                                             |
                                                             |  Delegation of arpa to Regional Internet Registries
                                                             |
                                 RIR (ARIN, RIPE, APNIC, LACNIC, AfriNIC)
                                                  /                         \
            Delegation of 1.2.x.x    /                            \      Delegation of 3.2.x.x
                                               /                               \
                                            ISP 1                         ISP 2
                                                \                             /
            Delegation of 1.2.1.x     \                          /       Delegation of 3.2.1.x
                                                   \                       /
                                                   Your DNS Server

Clients asking to resolve names from IP Addresses in each of the IP blocks will follow the delegation structure above, which means the only way to get to "3.2.1.x" is via ISP 2.

The piece that's potentially missing at the moment is the delegation from ISP 2 to your DNS server. Either that path must stop at ISP 2 and they give an answer, or a Delegation must be put in place so you can provide the answer.

I hope that makes sense!

Chris

Chris thanks for the detailed reply.
I am getting the concept now..

My ISP 2 says they will be providing delegation.So in this case I will be providing the answer.
I hope my understanding is right. For this the changes will be done at ISP2 side.

My side will be making the PTR entry as x.x.x.rev
in that file I will be making the entry of the  ISP2 network.
Ex -

; PTR records
;
165            IN      PTR      abc.xyz.com
166            IN      PTR      def.xyz.com

Rajeev -
[I tried the NS lookup on my ISP DNS server & it returned the required lookup.

But when i did the same in my DNS server it replied that Query refused.]

Chris
[Does your DNS server allow recursive queries? If it doesn't then it would explain why it's refused. It would also suggest that there's no problem (as such).]

Rajeev
I got the reply from my vendor that my DNS  restricts recursion query.
I am not able to understand why recursion query will not give the required lookup.

thanks