Right now if I do a reverse lookup on my server's IP it returns a host assigned by the data center. So is this something I should even be managing too or is that always left up to the DC? I run my own DNS for the forward lookup zones.
Also just a technical question, when you do a reverse lookup, how does it know where to look to get the host? I'm not sure I fully understand how these work.
It's a good idea to maintain matching forward and reverse lookups. You can request a reverse DNS change from your provider -- they should be willing to update it for you (just let them know what to change the reverse to).
You cannot get the reverse DNS delegated to you unless you are assigned an entire class C of address space.
That's not true at all. You can have your provider set up NS entries to your own DNS servers, down to the individual IP. Whether or not your provider is willing to do that is another story.
The query is served up for resolution. If we wanted to query for the reverse DNS entry for 126.96.36.199, it would be served up as:
The query then "walks the tree" (where the trunk of the tree is the root zone servers, and the branches are intermediate name servers, offering up paths to get to the individual leaves).
The query is broken up into pieces, from right to left.
The root zone server you reach answers for the dot ("."). Those servers are programmed twice a day to know how to resolve each of the 224 /8s between 0.0.0.0/8 and 188.8.131.52/8. In our example, we're using 192.0.0.0/8, so it parses the section:
... only. It knows to delegate any queries within 192.in-addr.arpa to the administrative name servers ARIN runs. For this example, we'll say that the delegation was made to CHIA.ARIN.NET.
CHIA.ARIN.NET then breaks down the next bits. It's programmed every night to know where to delegate individual zones within 192.in-addr.arpa. In this case, it analyzes:
... and knows that should be delegated to your host, NS1.MYHOST.COM and NS2.MYHOST.COM.
For our example, the query is answered by NS1.MYHOST.COM. It is programmed at the operator's leisure to have data for any or all of the individual /32s in 184.108.40.206/24. It has a record for .5, so it is able to answer for:
... by serving up the individual PTR record, pointing to mail.mymachine.com
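The walk described in the post above, together with the matching forward/reverse check recommended earlier in the thread, as an added Python example that is not part of the original posts. The addresses 192.0.2.5 and 192.0.2.6 and all records are constructed (documentation range), and the delegation table follows the post's simplified chain using the server names it mentions.

```python
import ipaddress

# Constructed data for illustration only. The chain mirrors the post's
# simplified description: root -> 192.in-addr.arpa -> the provider's /24 zone.
DELEGATIONS = {
    ".": "root servers",
    "192.in-addr.arpa.": "CHIA.ARIN.NET",
    "2.0.192.in-addr.arpa.": "NS1.MYHOST.COM",
}
PTR_RECORDS = {
    "5.2.0.192.in-addr.arpa.": "mail.mymachine.com.",
    "6.2.0.192.in-addr.arpa.": "shared1.example.net.",  # hypothetical host
}
A_RECORDS = {
    "mail.mymachine.com.": ["192.0.2.5"],
    "shared1.example.net.": ["192.0.2.60"],  # forward points elsewhere
}


def reverse_name(ip):
    """Build the PTR query name: octets reversed, under in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def walk(ip):
    """Return the (zone, server) steps followed from the root, right to left."""
    labels = reverse_name(ip).rstrip(".").split(".")
    steps = [(".", DELEGATIONS["."])]
    # Try ever-longer suffixes of the query name, shortest first.
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            steps.append((zone, DELEGATIONS[zone]))
    return steps


def lookup_ptr(ip):
    """Answer from the last server in the walk: the PTR target, or None."""
    return PTR_RECORDS.get(reverse_name(ip))


def forward_confirmed(ip):
    """True when the PTR target has an A record pointing back at the same IP."""
    host = lookup_ptr(ip)
    return host is not None and ip in A_RECORDS.get(host, [])
```
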
Thanks for the explanation. Makes more sense now. I have no need to have full admin of reverse zones so I just sent a request to change a few IPs. I'll just go shared1.iceteks.net and shared2.iceteks.net etc for future servers. For the 2ndary IPs most I'll leave as is unless I use them for another purpose, like one of them is for a VM so I called it something else to match the hostname of that VM.
So in terms of mail servers, for SMTP to work properly does it mean I need to make everyone use shared1.iceteks.net as their SMTP, or can they still use mail.theirdomain.com or what not? Is it just the hello response that has to match? So I should make helo response say shared1.iceteks.net?
We haven't noticed any issues with not having them match. Everyone still uses their mail.domain for the mailserver and email goes through just fine, no reports of being falsely tagged spam or anything.
Good to know. I've heard of how some mail servers require that the mail server and the reverse DNS match, but it's also been said to not be a good practice for spam checking so guessing not too many places implement it that way.