[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 650
  • Last Modified:

Reverse DNS troubles

Hi,

I'm having trouble getting our network to do reverse-dns lookups correctly. I'll try to explain a bit.

We registered two DNS machines at Network Solutions. We set up our master and slave machines, and can do forward lookups with no problems. We are using a big ISP to provide bandwidth to us- through the router that they provided. I am wondering if they need to set us up as authoritative for our domain name. The reason that I draw this conclusion is that I CAN do reverse lookups on the local area. However, outside the router and from another network, I cannot. My point is that I think that the host name is not getting resolved into an IP because of something between an outside network and my DNS machines. In short;

-inside LAN (reverse DNS lookups work)
-outside LAN (reverse DNS do NOT work)

Thank You
0
xybx
Asked:
xybx
  • 2
1 Solution
 
td_milesCommented:
When you talk about "reverse-dns" you are meaning resolving an IP address to a domain name ? EG.


# dig -x 139.130.4.4

;; ANSWER SECTION:
4.4.130.139.in-addr.arpa. 86383 IN      PTR     uneeda.telstra.net.


??

If you are talking about reverse lookup in this sense, then yes, your ISP needs to delegate you as authorative for the reverse DNS of IP subnet they have allocated to you. You should be aware that you can only delegate on the Class boundaries for reverse DNS, so that if you got less than a /24  (ie. Class C) IP address allocation, then they can't delegate the reverse DNS to you. If this is the case you will have to get them to manually add the entries for the IP addresses that you have and require set up.
0
 
xybxAuthor Commented:
Hey, I appreciate it. I have read that information in one form or another, but you said it the way I needed to hear it.

We do have only a subset of a Class C. You wrote "..you will have to get them to manually add the entries for the IP addresses that you have and require set up." Does this mean we'll have to get them to add each domain we want reverse DNS for (We have a ton), or just the IP address?

Thanks

0
 
td_milesCommented:
You may have multiple domains, but the number of IP addresses that you have is limited. All you need to do is talk to the right person (at your ISP) and say "here is a list of our server names & IP addresses, can you setup the reverse DNS for them", then give them a list that looks something like:

1.1.1.1 = www.domain.com
1.1.1.2 = mail.domain.com
1.1.1.3 = www.domain2.com
1.1.1.4 = sql.domain2.com

If you are doing virtual IP hosting (ie. hosting multiple domain websites on a single IP address) then a stack of the IP addresses will all be the same.

They will then add the above entries to their DNS for the zone  "1.1.1.in-addr.arpa." (in my above example) and you should then be able to resolve your IP addresses to the names of the servers that are running on them.

Some mail servers only accept connections from servers where they can do a reverse DNS lookup to verify that the server is who it says it is (as determined by DNS). As such, it is getting more important to have reverse DNS setup or else some things don't work.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now