[dns-wg] Reverse DNS at the Host Level?
Jim Reid jim at rfc1035.com
Fri Aug 20 15:29:16 CEST 2004
>>>>> "Chris" == Chris Hallam <challam at sdl.com> writes: Chris> As an LIR, we have reverse DNS entries in the RIPE database Chris> for all of our ranges at the x.x.x.in-addr.arpa level, but Chris> I was wondering if it was possible to create an entry at Chris> the host level for a specific IP address? Of course. That is the whole point of reverse delegations under in-addr.arpa. You really should populate those zones with PTR records for the active IP addresses. As you seem to have found out the hard way, some things won't work as expected when reverse DNS doesn't work. :-) For instance many mail servers won't accept SMTP sessions from hosts with no reverse DNS: it's usually a strong indication of a spam source. Chris> We have an issue where mail from one of our mail servers Chris> may be being blocked due to host level reverse IP lookups Chris> failing. You didn't give any information that would have helped someone to help you, like the IP address of the mail server or the appropriate LIR assignment for that IP address. Once an LIR has been given an assignment, it should fill in the reverse delegation templates and send them to the RIR. Once they've been checked, the RIR will delegate the corresponding reverse DNS zones to the LIR. They can then be populated by the LIR (or perhaps by its customers) so that reverse lookups of their IP addresses work. That's the broad picture. For more detail, you would need to provide more information. But probably not in this list... Looking at the headers on your posting, it appears to be there's a problem with reverse lookups of 220.127.116.11. Is this the address of the mail server that you're talking about? The reverse name for this IP address is 18.104.22.168.in-addr.arpa. This is a CNAME pointing at 84.80/22.214.171.124.in-addr.arpa. The 105.249.221.in-addr.arpa zone delegates 80/126.96.36.199.in-addr.arpa to ns0-s.dns.pipex.net and ns1-s.dns.pipex.net. Neither of these name servers knows about the 80/188.8.131.52.in-addr.arpa zone. So if it's this address that's causing you trouble, you need to take it up with the administrators of 80/184.108.40.206.in-addr.arpa and 105.249.221.in-addr.arpa. There's a disconnect between them. Either the parent has delegated the child to the wrong name servers or has done that to the child name servers (ns-s.dns.pipex.net) without them being configured to serve 80/220.127.116.11.in-addr.arpa. Once that's sorted out, a PTR record for 84.80/18.104.22.168.in-addr.arpa will be needed. Or I suppose you could just get the CNAME for 22.214.171.124.in-addr.arpa replaced with an appropriate PTR and not bother with this RFC2317-style reverse delegation. Please note that in general this list doesn't discuss specific DNS operational problems or provide tutorials on how to configure name servers and set up zone files. They tend to be handled in somewhere like bind-users at isc.org. Followup questions about your mail server's broken reverse DNS entry might be better of going there. This list tends to be used for DNS policy issues -- especially those concerning RIPE and the RIPE NCC membership, the production of BCPs, WG administrivia, etc, etc. The WG charter suggests the sort of discussions that would be appropriate to this list.
[ dns-wg Archives ]