  1. #1
    Join Date
    Feb 2008
    Posts
    829

    Reverse DNS lookup

    Right now if I do a reverse lookup on my server's IP it returns a host assigned by the data center. So is this something I should even be managing too or is that always left up to the DC? I run my own DNS for the forward lookup zones.


    Also just a technical question, when you do a reverse lookup, how does it know where to look to get the host? I'm not sure I fully understand how these work.

  2. #2
    Join Date
    Mar 2008
    Location
    USA - Little Rock, AR
    Posts
    45
    When you do a reverse lookup on an IP address, it goes to ARIN (in the US) and asks what DNS servers are responsible for that network block.

    It then goes to the DNS servers that are responsible and queries them for a PTR record which is the opposite of an A record.

    A Record = name to IP
    PTR Record = IP to name

    You cannot get the reverse DNS delegated to you unless you are assigned an entire class C of address space.

    My suggestion would be to get your host to update the record to match the A record that points to your machine, as if they don't match it can cause you problems with email being rejected, etc.

    -Robert
    BitPath Networks, LLC - Professional VPS Hosting Services
    cPanel, DirectAdmin, and Plesk VPSs on the Virtuozzo Platform

  3. #3
    Join Date
    Feb 2008
    Location
    California
    Posts
    315
    It's a good idea to maintain matching forward and reverse lookups. You can request a reverse DNS change from your provider -- they should be willing to update it for you (just let them know what to change the reverse to).
    Take 2 Hosting, Inc. - Hosting Done Right
    Fully automated setup - new servers in as little as 10 minutes
    http://www.take2hosting.com/

  4. #4
    Join Date
    Oct 2002
    Location
    Vancouver, B.C.
    Posts
    2,656
    Quote Originally Posted by BitPath View Post
    You cannot get the reverse DNS delegated to you unless you are assigned an entire class C of address space.

    -Robert
    That's not true at all. You can have your provider set up NS entries to your own DNS servers, down to the individual IP. Whether or not your provider is willing to do that is another story.
    ASTUTE HOSTING: Advanced, customized, and scalable solutions with AS54527 Premium Canadian Optimized Network (Level3, PEER1, Shaw, Tinet)
    MicroServers.io: Enterprise Dedicated Hardware with IPMI at VPS-like Prices using AS63213 Affordable Bandwidth (Cogent, HE, Tinet)
    Dedicated Hosting, Colo, Bandwidth, and Fiber out of Vancouver, Seattle, LA, Toronto, NYC, and Miami

  5. #5
    Join Date
    Feb 2008
    Posts
    829
    I'll be setting up a shared environment so I won't worry about it, since I can't make 1 IP match with multiple hosts anyway.

    like mail.domain1.com and mail.domain2.com will point to same IP.

  6. #6
    I'd suggest making the reverse something like shared.yourbusiness.com or pool1.yourbiz.com etc.

    Something so that if people look it up, they realize they have pinged an IP or domain that is part of a shared hosting environment at your business and can look to your domain for further information.

    We have our own IP address space SWIP'd, and so we have authority delegated to our nameservers. If you have a large pool of IPs, talk to your provider about doing this same thing.

    It saves a lot of time when one of your clients who has a dedicated IP decides they want a special rDNS, then you can just do it and it's done.

  7. #7
    Join Date
    Mar 2008
    Location
    USA - Little Rock, AR
    Posts
    45
    Quote Originally Posted by hhw View Post
    That's not true at all. You can have your provider set up NS entries to your own DNS servers, down to the individual IP. Whether or not your provider is willing to do that is another story.
    I was referencing directly from ARIN. In order to do a Reassign-Detailed Template, they want you to have been delegated an entire Class C.

    If your provider is willing to do the delegation that is great, but it seems most will not from my experience.

    -Robert
    BitPath Networks, LLC - Professional VPS Hosting Services
    cPanel, DirectAdmin, and Plesk VPSs on the Virtuozzo Platform

  8. #8
    Join Date
    Jul 2005
    Posts
    138
    Reverse DNS works like forward DNS in many ways, the most important attribute being that it's hierarchical.

    To begin a reverse lookup, your host computer uses named.root, a file which tells it where the IANA root zone servers are. An example is found at:

    http://www.internic.net/zones/named.root

    The query is served up for resolution. If we wanted to query for the reverse DNS entry for 192.100.200.5, it would be served up as:

    5.200.100.192.in-addr.arpa

    The query then "walks the tree" (where the trunk of the tree is the root zone servers, and the branches are intermediate name servers, offering up paths to get to the individual leaves).

    The query is broken up into pieces, from right to left.

    The root zone server you reach answers for the dot ("."). Those servers are programmed twice a day to know how to resolve each of the 224 /8s between 0.0.0.0/8 and 223.0.0.0/8. In our example, we're using 192.0.0.0/8, so it parses the section:

    192.in-addr.arpa

    ... only. It knows to delegate any queries within 192.in-addr.arpa to the administrative name servers ARIN runs. For this example, we'll say that the delegation was made to CHIA.ARIN.NET.

    CHIA.ARIN.NET then breaks down the next bits. It's programmed every night to know where to delegate individual zones within 192.in-addr.arpa. In this case, it analyzes:

    200.100.192.in-addr.arpa

    ... and knows that should be delegated to your host, NS1.MYHOST.COM and NS2.MYHOST.COM.

    For our example, the query is answered by NS1.MYHOST.COM. It is programmed at the operator's leisure to have data for any or all of the individual /32s in 192.100.200.0/24. It has a record for .5, so it is able to answer for:

    5.200.100.192.in-addr.arpa

    ... by serving up the individual PTR record, pointing to mail.mymachine.com

    Hope that helps.

  9. #9
    Join Date
    Feb 2008
    Posts
    829
    Thanks for the explanation. Makes more sense now. I have no need to have full admin of reverse zones so I just sent a request to change a few IPs. I'll just go shared1.iceteks.net and shared2.iceteks.net etc for future servers. For the 2ndary IPs most I'll leave as is unless I use them for another purpose, like one of them is for a VM so I called it something else to match the hostname of that VM.

    So in terms of mail servers, for SMTP to work properly does it mean I need to make everyone use shared1.iceteks.net as their SMTP, or can they still use mail.theirdomain.com or what not? Is it just the hello response that has to match? So I should make helo response say shared1.iceteks.net?

  10. #10
    We haven't noticed any issues with not having them match. Everyone still uses their mail.domain for the mailserver and email goes through just fine, no reports of being falsely tagged spam or anything.

  11. #11
    Join Date
    Feb 2008
    Posts
    829
    Good to know. I've heard of how some mail servers require that the mail server and the reverse DNS match, but it's also been said to not be a good practice for spam checking so guessing not too many places implement it that way.

  12. #12
    Join Date
    Feb 2006
    Posts
    1,108
    Instead of just setting NS's, some providers do some weird CNAME thing - they ask you for a domain, and just set like 66.0.0.1 -> 1.0.0.66.example.com, and you can PTR off that.
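
The lookup walk described in post #8, the CNAME arrangement from post #12 and the forward/reverse match discussed throughout the thread, as an added example that is not part of any original post. It runs offline against constructed records; the `example.com` names, the `.6` address and the mismatched A record are assumptions made for illustration.

```python
import ipaddress

# Constructed data mirroring the thread's example; not real DNS content.
DELEGATIONS = {            # zone -> name servers answering for it
    ".": ["(root servers)"],
    "192.in-addr.arpa.": ["CHIA.ARIN.NET."],
    "200.100.192.in-addr.arpa.": ["NS1.MYHOST.COM.", "NS2.MYHOST.COM."],
}
RECORDS = {                # (owner name, type) -> value
    ("5.200.100.192.in-addr.arpa.", "PTR"): "mail.mymachine.com.",
    ("mail.mymachine.com.", "A"): "192.100.200.5",
    # Post #12's variant: provider CNAMEs the reverse name into a customer zone.
    ("6.200.100.192.in-addr.arpa.", "CNAME"): "6.200.100.192.example.com.",
    ("6.200.100.192.example.com.", "PTR"): "shared1.example.com.",
    ("shared1.example.com.", "A"): "192.100.200.99",   # deliberately mismatched
}

def reverse_name(ip):
    """Build the in-addr.arpa query name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def delegation_path(qname):
    """Zones consulted, root first, reading the query name right to left."""
    labels = qname.rstrip(".").split(".")
    path = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            path.append(zone)
    return path

def lookup_ptr(ip, max_cnames=4):
    """Return the PTR target, following CNAME indirection; None if absent."""
    name = reverse_name(ip)
    for _ in range(max_cnames):
        if (name, "PTR") in RECORDS:
            return RECORDS[(name, "PTR")]
        name = RECORDS.get((name, "CNAME"))
        if name is None:
            return None
    return None

def forward_confirmed(ip):
    """True when the PTR name's A record points back at the same IP."""
    host = lookup_ptr(ip)
    return host is not None and RECORDS.get((host, "A")) == ip
```

A receiving mail server that checks reverse DNS is effectively running `forward_confirmed` on the connecting IP, which is why a PTR that resolves to a name pointing elsewhere fails the check even though a PTR exists.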
