Configuring Reverse DNS in BIND 9

April 4, 2007

Reverse DNS is the process of using DNS to translate IP addresses to hostnames. Reverse DNS is the opposite of Forward DNS, which is used to translate hostnames to IP addresses.

One way to see reverse DNS at work is to use nslookup a tool on most OS’s.

Let’s use `nslookup` to do a forward and reverse DNS lookup on


[phil@ns1 ~]$ nslookup
Server:         206.71.175.XX
Address:        206.71.175.XX#53
Non-authoritative answer:


[phil@ns1 ~]$ nslookup
Server:         206.71.175.XX
Address:        206.71.175.XX#53
Non-authoritative answer:     name =
Authoritative answers can be found from:        nameserver =        nameserver =        nameserver =

Reverse DNS is setup by configuring PTR records (Pointer Records) on your DNS server.

This is in different to Forward DNS, which are configured with A records (Address Records).

Typically you or a DNS provider is in charge of Forward DNS. In the case of Reverse DNS most likely your ISP supplying your IP information will have responsibility. You would simply send them what Hostname resolves to what IP, and they would setup the PTR records. You can setup Reverse DNS on your own name servers if you choose which we will cover in this article.

Your ISP or hosting provider may delegate your own range of IP addresses, or you may have NAT setup for Private IP space you control, in this case you must configure Reverse DNS thru PTR records on your DNS server.

A lot of Systems Administrators configure Forward DNS but not Reverse DNS. In most cases when you do this things will work fine, however some applications require doing Reverse DNS lookups in which case you could run into latency issues and a whole slew of other issues.

Common applications and protocols such as IRC, SMTP, Backup utilities, and Databases sometimes use Reverse DNS.

It is best practice to configure Reverse DNS from the get go, to avoid troubleshooting headaches.

Below is a quick example how-to.

Say you NAT Private IP’s in your network

STEP 1 create a zone file and place it where you store your zone files named

(Notate your address space backwards missing last octect with appended)

Your zone file will look like this: (between ##)

@       IN      SOA     (
2007040301      ;serial
14400                 ;refresh
3600                   ;retry
604800              ;expire
10800                ;minimum
)                IN      NS                IN      NS
2               IN      PTR
3               IN      PTR
4               IN      PTR
5               IN      PTR
6               IN      PTR

The example zone file above stipulates the below:

The number 2-6 are the last octect of 192.168.0. and PTR is the pointer.

STEP 2 Enter the zone into your named.conf or named.boot as you would a regular zone.

This would go into your Master DNS server or Primary DNS server

zone "" IN {
type master;
file "";
allow-update { none; };

This would go into your Slave DNS server or Secondary DNS server

zone "" IN {
type slave;
file "";
masters { whateveryourmasteripis; };


Wholla if configured right you should be up and running. Make sure to tail your log file when you restart DNS for any errors in syntax.

Comments for “Configuring Reverse DNS in BIND 9”

  1. gj commented on March 6, 2009

    thanks this was very helpful. i hope i understand right since i made a slave to lookup using my isp’s reverse record as the master. i am presuming the isp is still the authoratative owner for the reverse record but mine only showed as NON-authoratative with dig until i added this

  2. Hi gj,

    I don’t use my data center ISP for DNS, though they still provide the authoritive for the outside world in regards to reverse lookups on my IP space. I brought up my own DNS servers and adjusted my servers resolv.conf files to point to them instead of the ISP so all my apps rely on my own DNS servers to facilitate both forward and reverse lookups. So essentially I do not use the ISP as a master and I as the slave but have my servers application using my own DNS for lookups. I am not concerned with reverse lookups from the outside world but more with my own applications doing lookups. Though I do keep my ISP informed of what the reverse lookups should be.

    I did this because my ISP screwed up reverse DNS one time and took 5 hours to fix it, something I could have fixed in possibly minutes. During this time my application specifically caused by a database that had reverse lookups on went haywire, I since turned off the DB reverse lookup setting and pointed all my servers to my own DNS servers.

  3. irado commented on September 28, 2009

    I did exactly what you suggested but it shows error and I am unable to remove it :( note:

    Sep 28 14:28:14 mercurio named[70000]: zone loading from master file master/ failed: empty label

    obviously, the reverse is not as I expected:

    root@someone/var/named/etc/namedb/master# : host
    Host not found: 2(SERVFAIL)

    I redone the DNS server 1.000+ times, no results at all :(

    any hint?


  4. Make sure your fully qualified domains are not missing trailing . at the end. Also look for .. with no characters in between you should have at least one octet. Maybe you can post the zone file and named.conf entry.


  5. Punta commented on October 10, 2009

    Clear, concise & usefull ! Thanks.

  6. Ravi commented on December 15, 2009

    i set up reverse dns as explained by you, but reverse dns is still not working. i get followng error
    ** server can’t find NXDOMAIN
    while doing nslookup xx.xx.xx.xx

  7. Krishnadas commented on August 29, 2010

    Very useful and simple….

  8. Right at the time!

  9. Suranga commented on July 4, 2011

    thanks, this has really helpful for me.

  10. Hi.
    Is it mandatory to configure the reverse zone for the slave/secondary ?
    Right now I have set up ns1 primary on my IP and ns2 to point to the bind of another friend IP, but he has no record for the reverse zone like you specified. What happens then?


  11. Thanks a lot, i need it to configure my server. thanks for writing this once more.

Leave a Reply