Reverse DNS is the process of using DNS to translate IP addresses to hostnames. Reverse DNS is the opposite of Forward DNS, which is used to translate hostnames to IP addresses.
One way to see reverse DNS at work is to use nslookup a tool on most OS’s.
Let’s use `nslookup` to do a forward and reverse DNS lookup on redhat.com:
FORWARD LOOKUP
[phil@ns1 ~]$ nslookup redhat.com Server: 192.168.86.1 Address: 192.168.86.1#53 Non-authoritative answer: Name: redhat.com Address: 209.132.183.105 |
REVERSE LOOKUP
[phil@ns1 ~]$ nslookup redhat.com Server: 192.168.86.1 Address: 192.168.86.1#53 Non-authoritative answer: Name: redhat.com Address: 209.132.183.105 phils-mbp:~> nslookup 209.132.183.105 Server: 192.168.86.1 Address: 192.168.86.1#53 Non-authoritative answer: 105.183.132.209.in-addr.arpa name = redirect.redhat.com. Authoritative answers can be found from: |
Reverse DNS is setup by configuring PTR records (Pointer Records) on your DNS server.
This is in different to Forward DNS, which are configured with A records (Address Records).
Typically you or a DNS provider is in charge of Forward DNS. In the case of Reverse DNS most likely your ISP supplying your IP information will have responsibility. You would simply send them what Hostname resolves to what IP, and they would setup the PTR records. You can setup Reverse DNS on your own name servers if you choose which we will cover in this article.
Your ISP or hosting provider may delegate your own range of IP addresses, or you may have NAT setup for Private IP space you control, in this case you must configure Reverse DNS thru PTR records on your DNS server.
A lot of Systems Administrators configure Forward DNS but not Reverse DNS. In most cases when you do this things will work fine, however some applications require doing Reverse DNS lookups in which case you could run into latency issues and a whole slew of other issues.
Common applications and protocols such as IRC, SMTP, Backup utilities, and Databases sometimes use Reverse DNS.
It is best practice to configure Reverse DNS from the get go, to avoid troubleshooting headaches.
Below is a quick example how-to.
Say you NAT Private IP’s in your network 192.168.0.1-192.168.0.255
STEP 1 create a zone file and place it where you store your zone files named
0.168.192.in-addr.arpa |
(Notate your address space backwards missing last octect with .in-addr.arpa appended)
Your zone file will look like this: (between ##)
####### @ IN SOA ns1.yournameserver.com. root.domain.com. ( 2007040301 ;serial 14400 ;refresh 3600 ;retry 604800 ;expire 10800 ;minimum ) 0.168.192.in-addr.arpa. IN NS ns1.yournameserver.com. 0.168.192.in-addr.arpa. IN NS ns2.yournameserver.com. 2 IN PTR blah1.domain.com. 3 IN PTR blah2.domain.com. 4 IN PTR blah3.domain.com. 5 IN PTR blah4.domain.com. 6 IN PTR blah5.domain.com. ######## |
The example zone file above stipulates the below:
192.168.0.2 blah1.domain.com 192.168.0.3 blah2.domain.com 192.168.0.4 blah3.domain.com 192.168.0.5 blah4.domain.com 192.168.0.6 blah5.domain.com |
The number 2-6 are the last octect of 192.168.0. and PTR is the pointer.
STEP 2 Enter the zone into your named.conf or named.boot as you would a regular zone.
This would go into your Master DNS server or Primary DNS server
zone "0.168.192.in-addr.arpa" IN { type master; file "0.168.192.in-addr.arpa"; allow-update { none; }; }; |
This would go into your Slave DNS Basic server or Secondary DNS server
zone "0.168.192.in-addr.arpa"; IN { type slave; file "0.168.192.in-addr.arpa"; masters { whateveryourmasteripis; }; }; |
STEP 3
Wholla if configured right you should be up and running. Make sure to tail your log file when you restart DNS for any errors in syntax.
thanks this was very helpful. i hope i understand right since i made a slave to lookup using my isp’s reverse record as the master. i am presuming the isp is still the authoratative owner for the reverse record but mine only showed as NON-authoratative with dig until i added this
Hi gj,
I don’t use my data center ISP for DNS, though they still provide the authoritive for the outside world in regards to reverse lookups on my IP space. I brought up my own DNS servers and adjusted my servers resolv.conf files to point to them instead of the ISP so all my apps rely on my own DNS servers to facilitate both forward and reverse lookups. So essentially I do not use the ISP as a master and I as the slave but have my servers application using my own DNS for lookups. I am not concerned with reverse lookups from the outside world but more with my own applications doing lookups. Though I do keep my ISP informed of what the reverse lookups should be.
I did this because my ISP screwed up reverse DNS one time and took 5 hours to fix it, something I could have fixed in possibly minutes. During this time my application specifically caused by a database that had reverse lookups on went haywire, I since turned off the DB reverse lookup setting and pointed all my servers to my own DNS servers.
I did exactly what you suggested but it shows error and I am unable to remove it 🙁 note:
Sep 28 14:28:14 mercurio named[70000]: zone 224.54.201.in-addr.arpa/IN: loading from master file master/stemme.com.br.rev failed: empty label
obviously, the reverse is not as I expected:
root@someone/var/named/etc/namedb/master# : host 201.54.224.xxx
Host xxx.224.54.201.in-addr.arpa not found: 2(SERVFAIL)
I redone the DNS server 1.000+ times, no results at all 🙁
any hint?
TIA
Make sure your fully qualified domains are not missing trailing . at the end. Also look for .. with no characters in between you should have at least one octet. Maybe you can post the zone file and named.conf entry.
P
Clear, concise & usefull ! Thanks.
i set up reverse dns as explained by you, but reverse dns is still not working. i get followng error
** server can’t find xx.xx.xx.xx.in-addr.arpa: NXDOMAIN
while doing nslookup xx.xx.xx.xx
Very useful and simple….
Thanks
Right at the time!
Thanks
thanks, this has really helpful for me.
Hi.
Is it mandatory to configure the reverse zone for the slave/secondary ?
Right now I have set up ns1 primary on my IP and ns2 to point to the bind of another friend IP, but he has no record for the reverse zone like you specified. What happens then?
Thanks.