Solved

DNS, reverse lookup and PTR records

Posted on 2014-04-22
3
726 Views
Last Modified: 2014-05-12
Question: Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
Answer: PTR Records


I setup small business 2003 which comes with exchange built in for client once. Before my arrival he said everytime he would send an email to an AOL email address he would recieve a  bounce back message.

I then read on the internet that I have to create a PTR record - and that can only be done by the broadband company. I then left the company and never understood the whole thing.

Can some one explain what exactly a PTR record is? what is it so necessary?
0
Comment
Question by:Ikky786
3 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 167 total points
ID: 40014161
Below are the DNS records for Microsoft.com.  You can see that each of the 'nameservers' and the main 'microsoft.com' site have PTR records associated with them.  It is basically a way to cross check that the remote IP is valid for the domain.
1	microsoft.com	NS	ns5.msft.net	65.55.226.140		Answer	
2	microsoft.com	NS	ns1.msft.net	65.55.37.62		Answer	
3	microsoft.com	NS	ns2.msft.net	64.4.59.173		Answer	
4	microsoft.com	NS	ns3.msft.net	213.199.180.53		Answer	
5	microsoft.com	NS	ns4.msft.net	208.76.45.53		Answer	
6	microsoft.com	MX	microsoft-com.mail.protection.outlook.com	207.46.163.215	Preference: 10	Answer	
7	microsoft.com	A	microsoft.com	65.55.58.201		Answer	
8	microsoft.com	A	microsoft.com	65.55.58.201		Answer	
9	microsoft.com	CNAME			Error 9501: No records found for given DNS query.		
10	microsoft.com	SOA	ns1.msft.net	65.55.37.62	Admin: msnhst.microsoft.com, Default TTL: 3600, Expire: 2419200, Refresh: 300, Retry: 600, Serial: 2014042103	Answer	
11	microsoft.com	TEXT			v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com include:spf-a.hotmail.com ip4:147.243.128.24 ip4:147.243.128.26 ip4:147.243.128.25 ip4:147.243.1.47 ip4:147.243.1.48 ~all	Answer	
12	microsoft.com	TEXT			FbUF6DbkE+Aw1/wi9xgDi8KVrIIZus5v8L6tbIQZkGrQ/rVQKJi8CjQbBtWtE64ey4NJJwj5J65PIggVYNabdQ==	Answer	
13	140.226.55.65.in-addr.arpa	PTR	ns5.msft.net	65.55.226.140		Answer	
14	62.37.55.65.in-addr.arpa	PTR	ns1.msft.net	65.55.37.62		Answer	
15	173.59.4.64.in-addr.arpa	PTR	ns2.msft.net	64.4.59.173		Answer	
16	53.180.199.213.in-addr.arpa	PTR	ns3.msft.net	213.199.180.53		Answer	
17	53.45.76.208.in-addr.arpa	PTR	ns4.msft.net	208.76.45.53		Answer	
18	215.163.46.207.in-addr.arpa	PTR	mail-bl24215.inbound.protection.outlook.com	207.46.163.215		Answer	
19	201.58.55.65.in-addr.arpa	PTR	00001001.ch	65.55.58.201		Answer	

Open in new window

0
 
LVL 16

Assisted Solution

by:Shaik M. Sajid
Shaik M. Sajid earned 167 total points
ID: 40014253
there is 2 things..

one is local Reverse dns which works on your local network...

the second thing is External which is done by ISP and DNS service provicer... where u publish you external DNS name...

so ask you service provider to create reverse dns entry for your External domain name

and check in the external DNS setting about the PTR record



all the best
0
 
LVL 19

Assisted Solution

by:alextoft
alextoft earned 166 total points
ID: 40014818
If you imagine a DNS "A" record as allowing you to resolve mail.domain.com to 1.2.3.4, a PTR record is the reverse; it allows you to resolve 1.2.3.4 to mail.domain.com

Just like a domain name has "NS" (nameserver) records attached to it which tell clients where to go to resolve hostnames in domain.com so do IP blocks. It's usually used as an anti-spam technique - checking that the server has a PTR record which ties it to the domain it's performing email services on behalf of, and/or that the A and PTR records resolve to each other.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS A record 4 50
forwarding dns requests 7 43
Exchange 2010 Autodiscover for iOS devices 4 43
AD Sites/AD Replication 11 34
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question