Web Hosting Talk







View Full Version : Reverse DNS for nameservers


Domenico
02-20-2002, 08:54 PM
Hello,

On many different sites I have read that it is important to have reverse DNS for your nameservers.

Ehm...why is that?
Can someone please tell me some reasons why you should or shouldn't have that?

Thank you,
Domenico

priyadi
02-21-2002, 06:28 AM
Because there are some (broken) mail servers that don't accept mail from IP addresses without reverse name. But there aren't too many of them either, I think you'll be safe without reverse name.

Dylan
02-21-2002, 10:21 PM
Originally posted by priyadi
Because there are some (broken) mail servers that don't accept mail from IP addresses without reverse name. But there aren't too many of them either, I think you'll be safe without reverse name.

The same applies - even more - to FTP servers.

remarkable
02-22-2002, 01:02 AM
It is a good and common practice to have at least some kind of reverse DNS entry.

bert
02-22-2002, 10:54 AM
I would not even worry. 75% of hosts cannot have reverse DNS anyway. You need to own the IP addresses in order for the reverse DNS (PTR records) to work. As we all know, many hosts rent dedicated servers and don't have access to a whole class C or subnet, which means their host usually has to delegate those IPs to them. This is not something that can usually be done with ease, especially if the host is already getting their IPs from another provider and not from ARIN.

In short, ask your host or upstream provider to create a PTR record on their server at least for your DNS servers and primary domain name or host name. If they can't, then just don't worry about it :)

bitserve
02-22-2002, 07:24 PM
Generally you shouldn't need a reverse entry for a nameserver if it's registered, anyway. I thought that was the whole reason for having it registered. So that you can always get the IP of a nameserver, or the reverse.

But then, I don't remember what the RFC says, but it seems like it would be good practice to have a reverse entry for your nameservers.

bert
02-22-2002, 07:30 PM
Originally posted by bitserve
Generally you shouldn't need a reverse entry for a nameserver if it's registered, anyway. I thought that was the whole reason for having it registered. So that you can always get the IP of a nameserver, or the reverse.

But then, I don't remember what the RFC says, but it seems like it would be good practice to have a reverse entry for your nameservers.

You don't get reverse DNS when registering a name server. You only get the root servers to resolve the hostname to the IP.

Dylan
02-22-2002, 09:53 PM
oh, and also, reverse DNS doesn't work properly on name-based hosting.

bert
02-22-2002, 10:01 PM
Originally posted by Dylan
oh, and also, reverse DNS doesn't work properly on name-based hosting.

Agreed. You should not even attempt to do it.

remarkable
02-22-2002, 11:39 PM
Man... You guys have a lot to learn about DNS.

I suggest the following books to get you started.

http://www.amazon.com/exec/obidos/ASIN/0596001584/qid=1014434946/sr=8-1/ref=sr_8_3_1/002-6756670-4048065

http://www.amazon.com/exec/obidos/ASIN/0782127363/qid=1014435084/sr=1-7/ref=br_lfbnb_b_7/002-6756670-4048065

http://www.amazon.com/exec/obidos/ASIN/1565923227/qid=1014435084/sr=1-3/ref=br_lfbnb_b_3/002-6756670-4048065

bitserve
02-23-2002, 12:31 AM
Originally posted by bert
You don't get reverse DNS when registering a name server. You only get the root servers to resolve the hostname to the IP.

You're kidding, right?

bitserve
02-23-2002, 12:35 AM
Originally posted by remarkable
Man... You guys have a lot to learn about DNS.

I have very little to learn about DNS, unless it's changed recently.

I could use a refresher, but I'll start with the RFCs.

Thanks.

remarkable
02-23-2002, 12:40 AM
Originally posted by remarkable
Man... You guys have a lot to learn about DNS.


Except bitserve who at least knows what an RFC is.

The problem with the RFCs is that they are not written for the novice to understand. The books listed above actually explain how to do things and why.

bert
02-23-2002, 11:29 AM
Originally posted by remarkable
Man... You guys have a lot to learn about DNS.

:o That's all I have to say.

grafikat
02-23-2002, 09:05 PM
I'd be interested in the actual titles of those books, instead of the
affiliate link ;)

Cheers
Kat

remarkable
02-23-2002, 09:36 PM
Originally posted by grafikat
I'd be interested in the actual titles of those books, instead of the
affiliate link ;)

Cheers
Kat

Ahh.. Click on the link. They are not affiliate links.

Jay Suds
02-24-2002, 12:42 AM
On many different sites I have read that it is important to have reverse DNS for your nameservers.

Ehm...why is that?
Can someone please tell me some reasons why you should or shouldn't have that?

Generally speaking, it's best to do rDNS. As people pointed out, not having rDNS configured can affect mail delivery and some FTP client connections. But, if you have a lot of IPs, it can become cumbersome to manage :(

Also ...
Because there are some (broken) mail servers that don't accept mail from IP addresses without reverse name. But there aren't too many of them either, I think you'll be safe without reverse name.

Mail servers that don't accept email from other servers that don't have rDNS records configured aren't broken. They simply aren't accepting email from hosts that, historically speaking, are used to relay SPAM ...

Regardless, here's an interesting story about what can happen when rDNS wasn't set up properly on a name server:

We had a name server that had just been registered, and I hadn't gotten around to setting up rDNS yet. A customer tried to transfer a foreign domain to our name servers. This foreign registry thought it would be a good idea to do a reverse lookup on the actual name servers to see if reverse DNS for the name server IP was actually set up on the same server as the name server.

Not surprisingly, our reverse DNS server and the name server that the customer was trying to transfer the domain to were on different boxes. Even after setting rDNS and verifying that it was resolving properly from several different sites on the Net, this registry still wouldn't transfer the domain to our name server because it was failing their reverse DNS test.

Talk about headaches ... we ended up having to set up our rDNS zone on the name server as a secondary zone so that the domain would finally transfer.

*sigh*

ToastyX
02-24-2002, 04:29 AM
I don't understand why so many people, including some providers, have a hard time understanding DNS, especially reverse DNS. It's very easy to understand. Subdelegation is very simple. I don't understand why so many providers don't know how to do this. Also, registering name servers only puts forward DNS (A records) on the root servers.

bert
02-24-2002, 11:47 AM
Originally posted by ToastyX
Also, registering name servers only puts forward DNS (A records) on the root servers.

That was my point all along. I also never said that subdelegation was difficult, I just said most providers don't know how to or don't want to bother or don't care about subdelegating a few IPs :)

I will buy one of those books anyway :rolleyes:

grafikat
02-25-2002, 10:33 PM
Originally posted by remarkable


Ahh.. Click on the link. They are not affiliate links.

....My Bad.....

Sorry!

Cheers
kat

bitserve
02-27-2002, 08:32 PM
Originally posted by ToastyX
...Also, registering name servers only puts forward DNS (A records) on the root servers.

Using this information, you should be able to resolve an IP to a name. I can, anyway.

ToastyX
02-28-2002, 06:08 AM
Forward DNS only maps host names to IP addresses, not IP addresses to host names. If you can resolve the IP address to a host name, then whoever owns the IP address, most likely your upstream provider, probably set it up that way.

bitserve
02-28-2002, 06:16 PM
Originally posted by ToastyX
Forward DNS only maps host names to IP addresses, not IP addresses to host names. If you can resolve the IP address to a host name, then whoever owns the IP address, most likely your upstream provider, probably set it up that way.

Nope. You may think that you know what you're talking about. But you obviously have no idea what I'm talking about.

If I have the information to translate a name to an IP, then I obviously have the information to translate an IP to a name.

ToastyX
03-02-2002, 10:30 PM
Originally posted by bitserve


Nope. You may think that you know what you're talking about. But you obviously have no idea what I'm talking about.

If I have the information to translate a name to an IP, then I obviously have the information to translate an IP to a name.

You are obviously misunderstanding the term "reverse DNS." Reverse DNS is mapping an IP address to a host name. As bert said, you don't get reverse DNS when registering a name server. You only get the root servers to resolve the host name to the IP address. That's the whole reason for having it registered. Just because you can resolve a host name to an IP address does not mean you can resolve an IP address to a host name. More than one host name can resolve to the same IP address, but an IP address can only resolve to one host name at a time. If domain.com resolves to 1.2.3.4, you cannot assume 1.2.3.4 resolves to domain.com.
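The distinction drawn in this post, shown as an added example that is not part of the original thread: A records and PTR records are separate data sets, and the forward-confirmed reverse DNS test below is one way a strict mail or FTP server can check a connecting IP. All records are constructed sample data (`domain.com` and `1.2.3.4` are the thread's own placeholders; `provider.example` and the `192.0.2.x` addresses are hypothetical).

```python
import ipaddress

# Constructed sample data, not real DNS. Forward (A) records live in the
# domain's own zone; reverse (PTR) records live in a separate in-addr.arpa
# zone served by whoever the IP block is delegated to.
A_RECORDS = {
    "domain.com": ["1.2.3.4"],
    "www.domain.com": ["1.2.3.4"],
    "ns1.domain.com": ["1.2.3.4"],
    "mail.domain.com": ["192.0.2.25"],
    "ftp.domain.com": ["192.0.2.21"],
}
PTR_RECORDS = {
    "4.3.2.1.in-addr.arpa": "ns1.domain.com",
    # Hypothetical provider default that was never changed by the customer.
    "21.2.0.192.in-addr.arpa": "host21.provider.example",
    # No PTR at all for 192.0.2.25.
}


def reverse_name(ip):
    """Owner name queried for a PTR lookup, e.g. 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip):
    """Return the PTR target for an IP, or None if no record exists."""
    return PTR_RECORDS.get(reverse_name(ip))


def names_pointing_at(ip):
    """All forward names whose A record is this IP (can be many)."""
    return sorted(name for name, ips in A_RECORDS.items() if ip in ips)


def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must map back to the IP."""
    name = lookup_ptr(ip)
    if name is None:
        return ("no-ptr", None)
    if ip in A_RECORDS.get(name, []):
        return ("confirmed", name)
    return ("mismatch", name)


if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.2.25", "192.0.2.21"):
        print(ip, reverse_name(ip), names_pointing_at(ip), fcrdns(ip))
```
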

bert
03-02-2002, 10:36 PM
Originally posted by ToastyX
You are obviously misunderstanding the term "reverse DNS." Reverse DNS is mapping an IP address to a host name. As bert said, you don't get reverse DNS when registering a name server. You only get the root servers to resolve the host name to the IP address. That's the whole reason for having it registered. Just because you can resolve a host name to an IP address does not mean you can resolve an IP address to a host name. More than one host name can resolve to the same IP address, but an IP address can only resolve to one host name at a time. If domain.com resolves to 1.2.3.4, you cannot assume 1.2.3.4 resolves to domain.com.

Hey ToastyX are you also buying the book? ;)

ToastyX
03-02-2002, 10:49 PM
I don't like books. ;) I learn mostly through experience and examples.

bert
03-02-2002, 11:14 PM
I will buy it though, 'cause it looks like I still have to learn DNS ;)

bitserve
03-03-2002, 09:55 PM
Originally posted by ToastyX
You are obviously misunderstanding the term "reverse DNS." Reverse DNS is mapping an IP address to a host name. As bert said, you don't get reverse DNS when registering a name server. You only get the root servers to resolve the host name to the IP address. That's the whole reason for having it registered. Just because you can resolve a host name to an IP address does not mean you can resolve an IP address to a host name. More than one host name can resolve to the same IP address, but an IP address can only resolve to one host name at a time. If domain.com resolves to 1.2.3.4, you cannot assume 1.2.3.4 resolves to domain.com.

Obviously registering your nameservers does not provide resource records for the IN-ADDR.ARPA domain, as it is a totally different DNS system. Which is probably what you and bert have been failing to say, which is of course true, but has nothing to do with what I was saying.

However, as I originally stated:

Originally posted by bitserve
Generally you shouldn't need a reverse entry for a nameserver if it's registered, anyway. I thought that was the whole reason for having it registered. So that you can always get the IP of a nameserver, or the reverse.

The TLD zone file which contains the authoritative name servers for the domains in that zone has all of the information that one should need to resolve the nameserver's name to an IP address or the nameserver's IP address to the nameserver's name. Using this zone file, you can resolve a nameserver's name from its IP address, which you comment on by saying this:

Originally posted by ToastyX
If you can resolve the IP address to a host name, then whoever owns the IP address, most likely your upstream provider, probably set it up that way.

I'll say again, obviously you may think you know what you're saying, but it makes no sense to me. I can only guess that you had no idea what I was saying if you thought to reply to what I was saying with that response. What does this have to do with my upstream provider (of which there are more than one)? Also, my upstream providers own very few IP addresses considering how many there are, so why assume that they're probably the owner of any specific one?

If there is a registered name server, I can assume to resolve its name from its IP address, no matter what other domain names may resolve to that IP address. And this is all done with a DNS system known as a zone file. By your own definition, this is "reverse DNS".

BTW: This is my 666th post. Not that the number has any significance to most of the world's population, but it amuses me nonetheless. :dgrin:

bert
03-03-2002, 09:59 PM
Originally posted by bitserve
If there is a registered name server, I can assume to resolve its name from its IP address, no matter what other domain names may resolve to that IP address. And this is all done with a DNS system known as a zone file. By your own definition, this is "reverse DNS".


This is not true. You can also resolve a host name from its IP address if the proper PTR record is created on a DNS server that has those IP addresses delegated to it.

bitserve
03-05-2002, 11:31 PM
Originally posted by bert
This is not true. You can also resolve a host name from its IP address if the proper PTR record is created on a DNS server that has those IP addresses delegated to it.

This is not true. You can also find that wherever you go, there you are.

bert
03-06-2002, 12:19 AM
What I meant and mean is that by registering your DNS servers with the root zone masters you don't get reverse. You get reverse when you set up the "zone file" on a DNS server to which the IP addresses have been delegated.

ToastyX
03-06-2002, 12:28 AM
Originally posted by bitserve
The TLD zone file which contains the authoritative name servers for the domains in that zone has all of the information that one should need to resolve the nameserver's name to an IP address or the nameserver's IP address to the nameserver's name. Using this zone file, you can resolve a nameserver's name from its IP address, which you comment on by saying this:

Okay, then you seem to be misusing the term "reverse DNS." It sounds like you're talking about figuring out which name server is associated with an IP address. That's not reverse DNS. That's called "figuring out which name server is associated with an IP address." ;) Also, I believe you can have more than one name server registered with the same IP address at some registrars.

bert
03-06-2002, 12:46 AM
ToastyX is correct, I just don't see what the point is with arguing this. I know this for a fact, I have been around DNS servers when hosts files were still being used. ;)

bitserve
03-07-2002, 12:32 AM
There is actually no such thing as "reverse DNS", but if you choose to define it as resolving a name from an IP address, then you can do that for registered nameservers from the root zone files. I don't see why you can't understand this fact. I have accepted the term to mean the same thing, knowing its common misuse.

Resolving an IP address to a domain name is usually done by doing a lookup on the infrastructure in-addr.arpa domain. This is not a "reverse" lookup. This is a lookup (query and response).

Again, I never said that registering your DNS server automatically added an in-addr.arpa domain record. But you guys don't seem to understand that fact, either. Again, I'll say that I don't understand why this record should be necessary for nameservers, if they are registered, since you can get the name from the IP.

You two need to read up on DNS, so that you can realize that your initial understanding of how it works is skewed.

stephenn
09-10-2002, 04:23 PM
I am confused here.

Are reverse DNS lookup and lookup (query and response) the same?

Thanks

The Prohacker
09-10-2002, 04:44 PM
Originally posted by stephenn
I am confused here.

Are reverse DNS lookup and lookup (query and response) the same?

Thanks


DNS:
- Looking up panther1.webhostingtalk.com
- 207.218.223.148 is resolved to 207.218.223.148 (panther1.webhostingtalk.com)


rDNS:
- Looking up 207.218.223.148
- 207.218.223.148 is resolved to panther1.webhostingtalk.com (panther1.webhostingtalk.com)

stephenn
09-10-2002, 06:04 PM
GOOD EXPLANATION

Thanks

ntwaddel
09-10-2002, 06:08 PM
dialtone controls the rdns on my ips, but they have a web config so i can set the reverse dns names to whatever i want.