pulseeenergy
asked on
reverse DNS problem
We need machines within our network to be able to do a reverse DNS lookup on our external / public-facing IP and have our domain name come back as the result. Right now, it's resolving to a hostname on our ISP side, and as such is giving sendmail a hard time trying to get mail out from inside our network. Our IP is 209.17.x.x - what do we need to do specifically in order to get this working? I've included
Here is what our zone file for our external IP looks like on our internal DNS server:
$ORIGIN x.x.209.IN-ADDR.ARPA.   ; the directive needs the leading "$"
$TTL 3600
@ SOA ns1.(omitted).com. (omitted).(omitted).com. (   ; RNAME must end with a dot or it is appended to $ORIGIN
1000000027 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
NS ns1.(omitted).com.
1 PTR (omitted).com.   ; owner "1" is relative to $ORIGIN; "1." with a trailing dot would be the absolute name "1."
And here is the localhost (127.0.0) zone file:
$ORIGIN 0.0.127.IN-ADDR.ARPA.
$TTL 3600
@ SOA ns1.omitted.com. omitted. (
1000000002 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
NS ns1.omitted.com.
1 PTR localhost.
And here is our named.conf :
// Generic options
controls {
// "inet *" listens for rndc on every interface; "allow { any; }" accepts any source.
// The key name must match a defined key: only "rndckey" exists below, so "rndc-key" would fail.
inet * allow { any; } keys { "rndckey"; };
};
//My old key from itpeer was shorter so I just commented to note that.
//key "rndc-key" {
// algorithm hmac-md5;
// secret "(omitted)=";
//};
key "rndckey" {
algorithm hmac-md5;
secret "(omitted)";
};
options {
//version "(omitted).com DNslave/isc-bind";
directory "/var/named";
auth-nxdomain yes;
also-notify { 192.168.2.11; };
};
view "internal" {
//match-clients { 192.168.2.0/24; 192.168.0.0/24; 192.168.1.0/24; 192.168.3.0/24; 127.0.0.1/32; };
// "any" plus "recursion yes" makes this an open resolver for every host that can reach the server;
// the commented-out RFC 1918 list above is the safer setting if the server is reachable from outside.
match-clients { any; };
allow-transfer { 192.168.2.11; };
recursion yes;
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "127.0.0";
};
zone "(omitted1)" {
type master;
file "(omitted1)";
};
zone "(omitted2)" {
type master;
file "(omitted2)";
};
zone "2.168.192.IN-ADDR.ARPA" {
type master;
file "192.168.2";
};
zone "0.168.192.IN-ADDR.ARPA" {
type master;
file "192.168.0";
};
};
Please advise as to what we specifically need to add to make it so when servers on our internal network running sendmail can successfully HELO an smtp server, for example, and have it find our domain name , instead of the ISP hostname.
ASKER
Hm, alright, thanks! What would be the correct syntax for the zone entry and the record? I'm not sure how to add it in.
Not sure, what are you running for a DNS server? I am most familiar with Windows DNS, so maybe someone can give you exact instructions on how to do it with your DNS server.
ASKER
It's just a RHEL box running the named service, from what I understand. We'd need to see the verbatim entry for our config that we'd need to add so we can get running. Can anyone please advise?
The reverse DNS for your external IP address is not hosted on your name server.
It is on your ISP's name server. That is why you need to ask your ISP to do it.
Well, actually if he is doing his own internal DNS severing and all his internal computers are using his DNS server he can do the reverse lookup.
To setup your own internal DNS server on RH you can read:
http://www.redhat.com/magazine/025nov06/features/dns/
http://www.redhat.com/magazine/026dec06/features/dns/
Now, doing this on your own internal DNS server will NOT help external resolution. That is, if I try to send e-mail to you I will most likely NOT use your internal DNS servers. I will use your public DNS servers.
If you want to handle both your forward (name to address) and reverse (address to name) you will need to talk to your ISP so that they will delegate this to your servers. However I would recommend against this.
Hello,
Do you have a primary domain configured as a zone on your server? You are running a DNS service called BIND; 'named' is the daemon that runs BIND locally.
192.168.2.11 is the mail server?
I am not sure without more information, but if your internal zone on BIND is using the same domain name as your external web presence there will be issues. I would create a CNAME record for your website (WWW, public IP), and an MX record pointing toward your sendmail box.
If you insist on doing this internally, (which I don't understand), you need
zone "x.x.209.IN-ADDR.ARPA" {
type master;
file "209.x.x";
};
This will make your DNS answer authoritative for 209.x.x.z/24. Not sure where you are going to get all the correct values for z and what they should resolve to.
perhaps you could do a /32 version
zone "z.x.x.209.IN-ADDR.ARPA" {
type master;
file "209.x.x.z";
};
$ORIGIN z.x.x.209.IN-ADDR.ARPA.   ; the directive needs the leading "$"
$TTL 3600
@ SOA ns1.(omitted).com. (omitted).(omitted).com. (   ; RNAME needs a trailing dot
1000000027 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
NS ns1.(omitted).com.
@ PTR (omitted).com.   ; in a /32 zone the PTR sits at the apex (a blank owner would also inherit "@")
You will need to do this externally through your ISP as well.
--> If you insist on doing this internally, (which I don't understand), you need
Some ISPs will not delegate PTR zones to customers and will not maintain entries for you in their PTR zones. In fact some ISPs will not even provide PTR zones for the addresses they own.
ASKER CERTIFIED SOLUTION
For internal resolution you just need to create a zone that is your external domain name and then create an A record for your mail server that points at the internal IP.
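The two pieces of advice above (the /32 reverse zone suggested earlier in the thread, and the accepted answer's internal forward zone with an A record at the private address) can be generated and sanity-checked with the script below. It is an added example, not code from the original thread: the names ns1.example.com, mail.example.com, hostmaster.example.com, the address 209.17.1.2 standing in for the poster's 209.17.x.x, and the db.* file names are all assumptions. The last function models the forward-confirmed reverse DNS (FCrDNS) test a receiving MTA performs, which is why the internal-only zone cannot fix the HELO problem for mail leaving the network.

```python
"""Generate BIND master files and named.conf stanzas for a PTR zone (/24 or /32)
and for the internal view of the public domain. Added example; all names are
placeholders (assumption): ns1.example.com, mail.example.com, 209.17.1.2."""
import ipaddress
from datetime import date


def reverse_zone_name(ip: str, prefixlen: int) -> str:
    """in-addr.arpa zone covering `ip` for a /24 (ISP-style) or /32 (single host) delegation."""
    addr = ipaddress.IPv4Address(ip)
    if prefixlen == 32:
        return addr.reverse_pointer                       # e.g. 2.1.17.209.in-addr.arpa
    if prefixlen == 24:
        net = ipaddress.IPv4Network(f"{ip}/24", strict=False)
        # reverse_pointer of the network address is 0.1.17.209.in-addr.arpa; drop the host label
        return net.network_address.reverse_pointer.split(".", 1)[1]
    raise ValueError("only /24 and /32 reverse zones are handled here")


def ptr_owner(ip: str, prefixlen: int) -> str:
    """Owner of the PTR record relative to $ORIGIN: the apex for /32, the last octet for /24."""
    return "@" if prefixlen == 32 else ip.rsplit(".", 1)[1]


def render_zone(origin: str, ns: str, rname: str, records, serial: int, ttl: int = 3600) -> str:
    """Render a BIND master file. `records` is a list of (owner, type, rdata); names in rdata
    must be absolute (trailing dot), otherwise BIND appends $ORIGIN to them."""
    lines = [
        f"$ORIGIN {origin}.",
        f"$TTL {ttl}",
        f"@\tIN\tSOA\t{ns}. {rname}. (",
        f"\t\t{serial} ; Serial",
        "\t\t3600 ; Refresh",
        "\t\t900 ; Retry",
        "\t\t3600000 ; Expire",
        "\t\t3600 ) ; Minimum (negative-cache TTL)",
        f"@\tIN\tNS\t{ns}.",
    ]
    lines += [f"{owner}\tIN\t{rtype}\t{rdata}" for owner, rtype, rdata in records]
    return "\n".join(lines) + "\n"


def render_named_conf_zone(origin: str, filename: str) -> str:
    """Stanza to place inside view "internal" in named.conf."""
    return f'zone "{origin}" {{\n\ttype master;\n\tfile "{filename}";\n}};\n'


def reverse_zone(ip: str, prefixlen: int, hostname: str, ns: str, rname: str, serial: int):
    """PTR zone for `ip` answering `hostname`. Returns (origin, zone file text, named.conf stanza)."""
    origin = reverse_zone_name(ip, prefixlen)
    records = [(ptr_owner(ip, prefixlen), "PTR", hostname.rstrip(".") + ".")]
    return origin, render_zone(origin, ns, rname, records, serial), render_named_conf_zone(origin, f"db.{origin}")


def forward_zone(domain: str, mail_host: str, mail_ip: str, ns: str, rname: str, serial: int):
    """Internal view of the public domain: A for the mail host at its internal address, MX at the apex."""
    if not mail_host.endswith("." + domain):
        raise ValueError("mail host must be inside the domain")
    label = mail_host[: -len("." + domain)]
    records = [(label, "A", mail_ip), ("@", "MX", f"10 {mail_host}.")]
    return domain, render_zone(domain, ns, rname, records, serial), render_named_conf_zone(domain, f"db.{domain}")


def fcrdns_ok(ip: str, ptr_target: str, a_records: dict) -> bool:
    """Forward-confirmed reverse DNS as a receiving MTA checks it: the name returned by the PTR
    lookup must have an A record that maps back to the connecting IP. `a_records` maps name -> [ips]."""
    return ip in a_records.get(ptr_target.rstrip("."), [])


if __name__ == "__main__":
    serial = int(date.today().strftime("%Y%m%d") + "01")     # YYYYMMDDnn convention
    ns, rname = "ns1.example.com", "hostmaster.example.com"
    for part in reverse_zone("209.17.1.2", 32, "mail.example.com", ns, rname, serial)[1:]:
        print(part)
    for part in forward_zone("example.com", "mail.example.com", "192.168.2.11", ns, rname, serial)[1:]:
        print(part)
    # Inside the network the A record is the RFC 1918 address, so FCrDNS cannot succeed there;
    # an external MTA resolves the ISP's PTR and the public A record and needs those two to agree.
    print("internal view FCrDNS:", fcrdns_ok("209.17.1.2", "mail.example.com.", {"mail.example.com": ["192.168.2.11"]}))
    print("public view FCrDNS:  ", fcrdns_ok("209.17.1.2", "mail.example.com.", {"mail.example.com": ["209.17.1.2"]}))
```

After writing the generated files into /var/named and adding the stanzas to the internal view, validate them with named-checkconf and named-checkzone before reloading, then confirm with dig -x from an internal host. The FCrDNS function is the reminder that this only changes what internal resolvers see; the PTR that remote mail servers consult lives in the ISP's zone, as the earlier replies say.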