Reverse DNS how?!?!?
Peter
02-19-2004, 11:28 AM
Can someone explain to me how I should set up reverse DNS? I am searching Google, forums etc... but I don't understand it very clearly. Assume my domain name is blablabla.com and my IP is 1.2.3.4.
What exactly should I do?
Thanks
existenz
02-19-2004, 01:43 PM
Do you have control of your reverse DNS? I don't know how it works with other hosting companies, but we don't let our customers do reverse DNS themselves; we have to set it up.
This has been mentioned on this board. Please use the search to see if this has been covered before.
Quick rundown:
Let's say your block is 192.168.1.1/24
Create a new Domain Name
1.168.192.in-addr.arpa.
Let's say you want 192.168.1.1 to be primary.domain.tdl. Create a PTR record:
1.1.168.192.in-addr.arpa. PTR primary.domain.tdl
Peter
02-19-2004, 02:17 PM
Create a new Domain Name
1.168.192.in-addr.arpa.
huh?
existenz
02-19-2004, 11:41 PM
Just do a search :)
http://directadmin.com/forum/showthread.php?s=&threadid=1506&highlight=Reverse+DNS
You need to create a new domain from the admin section. It is the first 3 subnets in reverse order, and you add the old ARPA domain to it.
So 192.168.1.1/24 would be the domain 1.168.192.in-addr.arpa, and 123.456.7.1/24 would be the domain 7.456.123.in-addr.arpa.
Then for each domain in your block you get a PTR record, but this time you include all 4 subnets.
So let's say you have IPs from the first block I gave you, 192.168.1.1/24 (this is a class C block of 256). If 192.168.1.2 was the domain example.domain.tdl, then after the domain was created with the above information you would make a PTR record like 2.1.168.192.in-addr.arpa. PTR example.domain.tdl.
Hopefully that helps a little. If not, post the exact IP address and domain and I will write it out for you...
Peter
02-20-2004, 12:36 AM
Can't I add it in an existing DNS? Would be handy.
Domain name: systemworks.nl
IP: 213.196.8.20
NS1 21
NS2 22
DirectAdmin Support
02-20-2004, 10:05 AM
Hello,
Yes, it would be handy, but the DNS system wouldn't know which file to look in to get the hostname. All it gets is the IP, so it has to work with that, which is why the setting has to be added to the named.conf file.
John
Peter
02-20-2004, 10:10 AM
Better tell me what to do then :p
DirectAdmin Support
02-20-2004, 11:19 AM
Hello,
For a reverse lookup on 1.2.3.4
in your named.conf (RH: /etc/named.conf FBSD: /etc/namedb/named.conf)
zone "4.3.2.1.in-addr.arpa" IN {
        type master;
        file "/var/named/hostname.db";
};
In /var/named/hostname.db:
$TTL 0
@       IN      SOA     ns1.domain.com. root.domain.com. (
                        2004022000
                        7200
                        3600
                        1209600
                        86400 )
; the indented records below have no owner name of their own, so they apply to @ (the zone itself)
        NS      ns1.domain.com.
        NS      ns2.domain.com.
        PTR     domain.com.
Now the domain.com. that is in bold will be what is returned with the lookup. You can apply the hostname.db file to all IPs if you want, just add one zone for each IP in the named.conf using the above method.
John
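Added example, not code from the thread or from DirectAdmin: it generates the named.conf stanza and zone file for a whole /24 using the naming rule existenz describes (one zone per block, last octet as the PTR owner), where John's post uses one zone per IP. The `<zone>.db` file name, the function names and the sample values are assumptions of this example.

```python
import ipaddress

def reverse_zone_name(block):
    """Zone name for an IPv4 /24: first three octets reversed + in-addr.arpa."""
    net = ipaddress.ip_network(block, strict=False)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only IPv4 /24 blocks are handled here")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"

def fqdn(name):
    """Absolute name: without the trailing dot BIND appends the zone origin."""
    return name if name.endswith(".") else name + "."

def build_reverse_zone(block, ptrs, nameservers, rname, serial,
                       zone_dir="/var/named", ttl=14400):
    """Return (named.conf stanza, zone file text) for one /24.

    ptrs maps IP -> hostname, so each IP gets exactly one PTR record.
    The "<zone>.db" file name is an assumption of this example.
    """
    net = ipaddress.ip_network(block, strict=False)
    zone = reverse_zone_name(block)
    stanza = (f'zone "{zone}" IN {{\n'
              f'        type master;\n'
              f'        file "{zone_dir}/{zone}.db";\n'
              f'}};\n')
    lines = [f"$TTL {ttl}",
             f"$ORIGIN {zone}.",
             f"@ IN SOA {fqdn(nameservers[0])} {fqdn(rname)} (",
             f"        {serial} 7200 3600 1209600 86400 )"]
    lines += [f"        IN NS  {fqdn(ns)}" for ns in nameservers]
    for ip, host in sorted(ptrs.items(),
                           key=lambda kv: int(ipaddress.ip_address(kv[0]))):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {net}")
        # Owner is the last octet, relative to $ORIGIN.
        lines.append(f"{str(addr).rsplit('.', 1)[1]:<7} IN PTR {fqdn(host)}")
    return stanza, "\n".join(lines) + "\n"

# Constructed sample using the thread's placeholder block and names.
STANZA, ZONE = build_reverse_zone(
    "192.168.1.1/24",
    {"192.168.1.2": "example.domain.tdl", "192.168.1.1": "primary.domain.tdl"},
    ["ns1.domain.com", "ns2.domain.com"], "root.domain.com", 2004022000)
```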
UltimeWWW
03-15-2004, 10:04 AM
Hi,
Does DA overwrite this file?
Thank you.
DirectAdmin Support
03-15-2004, 12:19 PM
No.
John
mdoens
03-21-2004, 02:35 AM
Is the text above still valid for the newest version, or is the same thing available in the admin menu of DirectAdmin (adding the PTR record, I mean)??
existenz
03-21-2004, 09:48 AM
yes
mdoens
03-21-2004, 11:15 AM
I still have a question... my domain name is www.sition.nl. Do I need to create a file hostname.db or just edit sition.nl.db? I already added a PTR record via the DirectAdmin control panel. At the moment this is my sition.nl.db.
I already edited named.conf. Is the only thing I have to do to add the rule:
sition.nl. 14400 IN PTR sition.nl.
????
$TTL 14400
@ IN SOA ns1.sition.nl. root.sition.nl. (
2004032103
7200
3600
1209600
86400 )
sition.nl. 14400 IN NS ns1.sition.nl.
sition.nl. 14400 IN NS ns2.sition.nl.
ftp 14400 IN A 213.247.57.91
localhost.sition.nl. 14400 IN A 127.0.0.1
mail 14400 IN A 213.247.57.91
ns1 14400 IN A 213.247.57.92
ns2 14400 IN A 213.247.57.93
pop 14400 IN A 213.247.57.91
sition.nl. 14400 IN A 213.247.57.91
test 14400 IN A 213.247.57.91
winter 14400 IN A 213.247.57.91
wintersport 14400 IN A 213.247.57.91
www 14400 IN A 213.247.57.91
sition.nl. 14400 IN MX 0 sition.nl.
91.57.247.213.in-addr.arpa 14400 IN PTR mail.sition.nl.
existenz
03-21-2004, 12:51 PM
Do you want to have RDNS set up? You won't need to go through all of that; if you want, you can just set it up via the Admin section of the control panel.
I am making assumptions based on the IPs and host names in your post.
Create a new domain:
Domain Name: 57.247.213.in-addr.arpa
IP Address: 1.1.1.1
Name Server 1: ns1.sition.nl.
Name Server 2: ns2.sition.nl.
When you get into your new domain, delete all the records BUT the NS records.
Now if you want to do a reverse for mail:
91.57.247.213.in-addr.arpa. PTR mail.sition.nl.
mkynoch
03-24-2004, 02:13 PM
Hi all, I found this script for generating reverse entries.
It works great for me after some initial tinkering. http://www.mkrdns.org/
The only issue with it is that DirectAdmin won't display the result :(
Maybe a fix for the next version. Here's some sample output:
$TTL 14400
@ IN SOA dns.aztec-net.com. root.74.50.209.in-addr.arpa. (
2004032407
7200
3600
1209600
86400 )
74.50.209.in-addr.arpa. 14400 IN NS dns.aztec-net.com.
74.50.209.in-addr.arpa. 14400 IN NS ns.aztec-net.com.
$ORIGIN 74.50.209.in-addr.arpa.
2 PTR anet.xmcs.org.
8 PTR mx2.aztec-net.com.
9 PTR mx1.aztec-net.com.
10 PTR aztec-net.com.
20 PTR ip20.mod.aztec-net.com.
21 PTR ip21.mod.aztec-net.com.
22 PTR ip22.mod.aztec-net.com.
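Added example, not from any poster, DirectAdmin or mkrdns: it applies the zone-file naming rule (an owner name without a trailing dot is relative to the current origin) to PTR lines like the ones quoted in the posts above and reports any PTR that ends up outside in-addr.arpa. The two sample strings copy a few lines from the posts; the function names are this example's own, and it assumes every `$ORIGIN` argument is an absolute name.

```python
def expand_ptr_owners(zone_text, origin):
    """Return [(absolute_owner, target)] for each PTR record in zone_text.

    An owner without a trailing dot is relative to the current origin,
    "@" is the origin itself, and $ORIGIN changes it for later lines.
    """
    origin = origin.rstrip(".") + "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = tokens[1].rstrip(".") + "."
            continue
        # Skip other directives and lines that inherit the previous owner.
        if tokens[0].startswith("$") or line[0].isspace():
            continue
        if "PTR" not in [t.upper() for t in tokens[1:-1]]:
            continue
        owner = tokens[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), tokens[-1]))
    return records

def misplaced_ptrs(zone_text, origin):
    """PTR records whose absolute owner is not under in-addr.arpa."""
    return [r for r in expand_ptr_owners(zone_text, origin)
            if not r[0].endswith(".in-addr.arpa.")]

# Lines copied from the sition.nl.db post (origin: sition.nl).
FORWARD_DB = """\
sition.nl. 14400 IN A 213.247.57.91
91.57.247.213.in-addr.arpa 14400 IN PTR mail.sition.nl.
"""
# Lines copied from the mkrdns sample output.
REVERSE_DB = """\
$ORIGIN 74.50.209.in-addr.arpa.
2 PTR anet.xmcs.org.
8 PTR mx2.aztec-net.com.
"""
```

`misplaced_ptrs(FORWARD_DB, "sition.nl")` reports the record under `91.57.247.213.in-addr.arpa.sition.nl.`, a name no reverse lookup asks for; the mkrdns output expands to names under `74.50.209.in-addr.arpa.` and reports nothing.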
DirectAdmin Support
03-25-2004, 12:08 PM
Hello,
DA shows the dns entries based on their name. So if you have zone "4.3.2.1.in-addr.arpa" ... then you'd just need to have the file: /var/named/4.3.2.1.in-addr.arpa. (maybe a symlink would suffice). Also, the filename in the named.conf file needs to have the full path, else DA won't show it in the list of domains.
John
mkynoch
03-25-2004, 12:21 PM
Hi,
To clarify, DirectAdmin shows the reverse zones as domains, but when you enter the zone to view the specific records, nothing is displayed. In the above example only the NS records are displayed. The rest are not shown :(
The full path is also used in the named.conf file.
Thanks
interfasys
08-12-2004, 12:39 PM
On a FreeBSD system, when I go to the DNS admin page I see my reverse DNS entries :
4.3.2.1.in-addr.arpa
But when I click on it, I get a :
Cannot View Dns Record
Details
Error Reading db file
Is it a bug in DA or is this normal because hostname.db cannot be interpreted by DA?
anewbie2
10-07-2004, 06:28 AM
Question:
Do we need PTRs for every domain we host or just a PTR for the mail server IP only?
Thanks,
Ben
nobaloney
10-07-2004, 10:32 PM
You should have only one reverse record per IP#.
While the protocol allows for multiple reverse records per IP, some programs don't know how to handle them.
They won't just "work" intelligently as you'd expect. Whoever looks up the IP# using either dig or nslookup will see either a list of all or some of the reverse resolutions, or get an error, depending on how the resolver s/he's using works.
And unless you've got an entire C-class or a reasonably sized delegated subnet, you can do reverse DNS all you want, but the Internet at large won't see your records anyway, because most upstreams won't delegate the authority to you.
Jeff
anewbie2
10-08-2004, 04:40 PM
Jeff,
Does that mean I only need to create PTRs for those clients who have dedicated IPs and those who use server's shared IPs don't need PTRs as long as the server's shared IPs have associated PTRs right?
Thanks,
Ben
charliez
10-11-2004, 03:09 AM
Ok, are there two schools of thoughts here, or am I missing something?
Can the reverse DNS be set up entirely through DA or do files need to be edited? (My service supplier has submitted an rDNS request for me, so I'm just waiting for propagation.)
Cheers,
C.
anewbie2
10-11-2004, 07:40 AM
Have you tried this:
http://help.directadmin.com/item.php?id=21
charliez
10-11-2004, 07:57 AM
No. Thanks for the link! So to sum it up:
For my domain dot2me.com at IP 64.92.163.250, I would do the following:
i. Add a domain through DA called
250.163.92.in-addr.arpa
ii. Set the PTR for that to dot2me.com
iii. Delete all other records except
NS1 ns1.dot2me.com
NS2 ns2.dot2me.com
iv. Log in as root and ee /etc/namedb/named.conf and /var/named/hostname.db, adding these: http://help.directadmin.com/item.php?id=21
If that is correct, then what do I do to set up a reverse lookup for my mail? It's on the same IP. Should I start from # ii above and just add PTR mail.dot2me.com and add this too to the files in # iv?
C.
anewbie2
10-11-2004, 10:22 AM
Charliez,
What I did was create a PTR for my server IP after following the instructions on that link, and it now resolves correctly for my domain (of course my mail server too). Also, it resolves for my clients who use the shared IP addresses as well.
You can test it by going to www.dnsstuff.com and use the Reverse DNS tool.
However, it can't resolve for those who have dedicated IPs so what I'm going to do is have ISP delegate rDNS for those dedicated IP clients. If it works for my main domain I don't see any reason why it doesn't work for my dedicated IP clients. I'll let you know.
Everyone, please point me to the right direction if what I said is wrong. I'm a newbie too.
Many thanks.
nobaloney
10-11-2004, 10:47 AM
Originally posted by anewbie2
You can test it by going to www.dnsstuff.com and use the Reverse DNS tool.
Not unless you tell us your domain name.
However, it can't resolve for those who have dedicated IPs so what I'm going to do is have ISP delegate rDNS for those dedicated IP clients. If it works for my main domain I don't see any reason why it doesn't work for my dedicated IP clients. I'll let you know.
It's extremely unlikely that your upstream would have authorized reverse DNS for you for one IP# and not the others; my guess is your upstream is authoritative for all but only doing rDNS for the main IP#.
Everyone, please point me to the right direction if what I said is wrong. I'm a newbie too.
If you post your IP#s we can check rDNS for you and tell you which nameserver is authoritative for it.
Jeff
Many thanks.
charliez
10-11-2004, 12:05 PM
So no separate entry for the mail server. Just the main.com server?
nobaloney
10-11-2004, 03:44 PM
That is correct. It's perhaps a bit oversimplified, but it does work for sites created entirely in, and managed entirely in, DA.
Jeff
charliez
10-12-2004, 09:07 AM
Thanks all for your replies! Most appreciated.
I'm a little curious in re one small thing. I asked my service supplier to authorize the reverse DNS for me. Now, without (yet) changing anything in DA, all reverse lookup seems to work.
I presume it is just seemingly functional, and I'll add the PTR and do the other changes on the server later tonight. But is that normal behaviour? Just trying to figure out how things work. I mean:
http://www.dnsstuff.com/tools/ptr.ch?ip=dot2me.com
http://www.dnsreport.com/tools/dnsreport.ch?domain=dot2me.com
"The IPs of all of your mail server(s) have reverse DNS (PTR) entries"
Just curious as to why this is possible before I have started changing anything on the server.
Cheers,
C.
fusionictnl
10-12-2004, 09:14 AM
Reverse lookup takes place by getting the name on the IP. This will be checked @ your ISP, not through DNS. So if your ISP has set the [name] to the IP it's fine, as long as the [name] resolves to that IP.
charliez
10-12-2004, 09:18 AM
Huh? Most of this may be passing, whooom, right over my head, but I still keep on learning.
So I don't actually need to set up the server to respond to the lookup in any way? Not like a normal domain setup?
fusionictnl
10-12-2004, 09:29 AM
Ok I'll try to explain how I did it :P
I requested a reverse IP lookup on one of my servers IPs: 10.0.0.0 to lookup to: server01.fusion-ict.nl
On my server I've added an A record server01.fusion-ict.nl to the IP.
And that was it. Since then it always worked like a charm. Nothing fuzzy etc.
Why I needed reverse lookup: Some of my users have another reseller account with another hosting company. This company checks the mail it receives and does a reverse lookup to check if it is really who he says he is. My mail server responds like: server01.fusion-ict.nl and this server checks the IP if it resolves to this address.
NSLOOKUP/DIG all work just fine with it. So why do more if it isn't needed.
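Added example, not part of fusionictnl's post or any mail server's code: the check a receiving mail host can make as described above, reverse lookup on the connecting IP followed by a forward lookup that must lead back to the same IP (often called forward-confirmed reverse DNS). The resolver is injected as two functions; the lookup tables, names and verdict strings are constructed for this example, and the HELO comparison is an assumption about what the receiver compares.

```python
import ipaddress

def fcrdns(ip, ptr_lookup, addr_lookup, helo=None):
    """Forward-confirmed reverse DNS check for a connecting IP.

    ptr_lookup(ip) -> list of PTR names, addr_lookup(name) -> list of IPs.
    Both are injected so the logic can sit on any resolver.
    Returns (verdict, confirmed_names).
    """
    norm = lambda n: n.rstrip(".").lower()
    target = ipaddress.ip_address(ip)
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    # A PTR name counts only if its own address records lead back to the IP.
    confirmed = [n for n in names
                 if target in {ipaddress.ip_address(a) for a in addr_lookup(n)}]
    if not confirmed:
        return "forward-mismatch", []
    if helo is not None and norm(helo) not in confirmed:
        return "helo-mismatch", confirmed
    if len(names) > 1:
        return "multiple-ptr", confirmed   # resolves, but not every client copes
    return "pass", confirmed

# Constructed resolver data (documentation address range, made-up names).
PTR = {
    "192.0.2.10": ["mail.example.net."],
    "192.0.2.11": ["host.example.net."],
    "192.0.2.12": ["a.example.net.", "b.example.net."],
}
ADDR = {
    "mail.example.net": ["192.0.2.10"],
    "host.example.net": ["192.0.2.99"],
    "a.example.net": ["192.0.2.12"],
}

def check(ip, helo=None):
    """Run fcrdns against the constructed tables above."""
    return fcrdns(ip, lambda i: PTR.get(i, []),
                  lambda n: ADDR.get(n, []), helo)
```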
charliez
10-12-2004, 09:41 AM
Wow. I feel like when I was working my way through the 172 page Bose surround system manual, and my wife just came along and clicked "power" and the damn thing worked.
nobaloney
10-12-2004, 09:50 AM
fusionictnl has explained more succinctly than I ever did, how to set up reverse DNS if your upstream (he called it the isp) keeps DNS authority for themselves. In that case your server will never get a DNS request.
However if your upstream has given DNS authority to you (either because it's their policy or you've asked them to) then you need to do it on your nameserver(s).
Thanks, fusionictnl, for making it so much clearer than I did.
Jeff
charliez
10-12-2004, 09:58 AM
Well, the good thing is that I learned a lot. I wouldn't have if I hadn't missed the important difference between situations where the upstream delegates DNS authority and where they keep DNS authority to themselves.
Thanks to all!
Cheers,
Charlie.
Gandalf
03-07-2005, 09:47 AM
Originally posted by anewbie2
Have you tried this:
http://help.directadmin.com/item.php?id=21
I have added that information with all the available IPs for the server and still nothing.
Do I have to change something in the DA panel??
I mean, do I have to add a zone for the domain name that I used to replace the BOLDED domain.com in that text???
Thanks
nobaloney
03-07-2005, 11:29 PM
That DA help page is quite simplified, and in fact won't work in many situations.
Did your upstream delegate authority to you?
if so, with what zone name?
If you give us the real zone and domain information someone may be able to help you.
Jeff
Gandalf
03-09-2005, 07:22 AM
I'm not authorised to give all the info about the domain, I'm only on a support team.
Just tell me how for example.com
nobaloney
03-09-2005, 10:01 AM
If I took the time to trace example.com through the DNS hierarchy the resulting information wouldn't help you at all.
Anyone who thinks hiding domain information helps security in any way is sadly mistaken. The information in DNS is not only public, it's important that it be public or the Internet wouldn't work.
For more information, check this (http://homepages.tesco.net./~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html).
Jeff
Gandalf
03-09-2005, 02:40 PM
It's working now. I just added a PTR record to the www A record and it's working, thank you..