Slashdot Mirror


Obtaining Reverse DNS Records from Your Uplink?

aralin asks: "Recently I was trying to set up my own server at home. I've got a domain and set everything up, but I've come to one problem. When I want to give my server some reasonable name, I run into a DNS record mismatch. In other words, my DNS records do not match the reverse IP records set by my provider, and thus some nodes refuse to communicate with various services on my machine. Now I hit a wall when I tried to ask AT&T Cable to set the reverse DNS records for my IP to something reasonable. And thus I would like to ask: What are your experiences with different broadband providers and obtaining reverse IP records for your own domain names?"

9 of 19 comments

  1. Forward and Reverse // should be free by davidu · · Score: 2
    Hi,
    Forward and Reverse DNS are totally different ballgames. While your upstream provider SHOULD provide you with forward and reverse DNS, they often do not. Think of it as the white pages; you get the book for free (DNS lookups) and they will list you for free (forward and reverse) -- it should be the same for the internet.

    One company, Speakeasy.net, is a DSL provider that will provide a reverse PTR record for _ALL_ of their static IP DSL customers. In my opinion this is good service.


    With forward DNS, you can get your DNS from anyone -- I run a service called EveryDNS and we'll do it for you for free. Feel free to give it a look at EveryDNS.Net

    -davidu
    --

    # Hack the planet, it's important.
  2. Re:Just another example of SpeakEasy on top by SnatMandu · · Score: 2

    I also use Speakeasy. I have 5 IPs and run several servers - no problems. I have heard friends complain about various DSL woes, but everything has been very smooth with Speakeasy. I just hope Covad doesn't die, though Speakeasy has sent email assuring users that if they do, they have plans to migrate users.

  3. You don't have to make them match by rcw-work · · Score: 4
    All DNS verification systems, such as TCP wrappers and ssh, will work as long as the reverse DNS hostname for your IP address resolves to the same IP.

    For example, take a random cable modem user (if you have the itch to portscan someone, PLEASE pick your own completely random IPs), 24.5.2.24. This address reverses to cx54499-b.dt1.sdca.home.com, which in turn resolves to 24.5.2.24.

    That machine may host example.com and example.net... You'll still be able to ssh to example.com and example.net, send mail to them, or do whatever, even though 24.5.2.24 does not reverse to example.com or example.net.

  4. DNS delegation trick by dubl-u · · Score: 3

    Given that you a) have one IP address and b) are dealing with a globe-spanning conglomerate with a history of monopoly, I'd say your odds of getting PTRs are about zero.

    But for those with more flexible providers and a larger block of IP addresses, there's a nice trick that covers this:

    RFC 2317 (aka BCP 20)

    This allows the delegation of DNS PTR management even when the block doesn't start or end on octet boundaries.

  5. Here's what it looks like from the upstream end by jguthrie · · Score: 3
    I've actually set up reverse DNS for my downstream customers such that they can configure it themselves. The primary issue is that the IPv4 reverse DNS system is oriented around naming classful addresses. The minimum you can delegate is 256 addresses, and nobody (well, almost nobody) gives out 256 addresses any more. So, you've got to use this crufty (but standard! -- it's in the RFCs) hack to delegate parts of each address block.

    A second problem is that DNS servers can be a major hassle and a misconfigured DNS server can cause things to stop working. An admin tends to not be real comfortable delegating domains to the typical customer because the typical customer hasn't proven he knows what he's doing. We often run both the forward and reverse DNS for our fixed-IP customers for this very reason.

    On the other hand, as someone else pointed out, it should be enough for tcpd if there's a forward DNS entry that matches each reverse-DNS entry no matter what other DNS entries also map to that address. If each address has a default name and each address maps to that default name, then everything should work even if other names map to any given address. I consider that sort of thing to be basic to good network design.
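    The RFC 2317 delegation that dubl-u and jguthrie describe, written out as an added example (not from either commenter): Python that generates the parent-side records for a sub-/24 block (the NS record for the slash-labelled sub-zone plus one CNAME per address) and the PTR the customer then publishes in that sub-zone. The block 192.0.2.64/26 and the names under customer.example are constructed; the sub-zone label convention is RFC 2317's own.

```python
import ipaddress

def rfc2317_delegation(block, customer_ns):
    """Parent-side records that hand a sub-/24 block's PTRs to the customer.

    Returns (subzone_name, records). The sub-zone label follows the RFC 2317
    convention "<first octet>/<prefix>", e.g. 64/26.2.0.192.in-addr.arpa.
    """
    net = ipaddress.ip_network(block, strict=True)  # rejects blocks with host bits set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for IPv4 blocks smaller than a /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."   # the classful /24 reverse zone
    first = int(o[3])
    subzone = f"{first}/{net.prefixlen}.{parent}"
    records = [f"{subzone} IN NS {customer_ns}"]
    # One CNAME per address, pointing into the delegated sub-zone. This
    # example includes the network and broadcast addresses for completeness.
    for host in range(first, first + net.num_addresses):
        records.append(f"{host}.{parent} IN CNAME {host}.{subzone}")
    return subzone, records

def customer_ptr(subzone, ip, hostname):
    """The PTR the customer publishes in its own sub-zone for one address."""
    last_octet = str(ipaddress.ip_address(ip)).split(".")[3]
    return f"{last_octet}.{subzone} IN PTR {hostname}"

if __name__ == "__main__":
    sub, recs = rfc2317_delegation("192.0.2.64/26", "ns1.customer.example.")
    print("\n".join(recs[:3] + ["..."]))
    print(customer_ptr(sub, "192.0.2.65", "www.customer.example."))
```

The customer's name server must actually serve the sub-zone named in the NS record, or every reverse lookup in the block fails at the CNAME step; a block that does not start on its own alignment is rejected before any records are produced.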

  6. Just another example of SpeakEasy on top by bconway · · Score: 5

    I've repeatedly advocated SpeakEasy.net as a DSL company that is on top of things and caters to those who know what they want out of a DSL service. They offer up to 4 static IPs on a residential connection, block no ports, encourage running servers, and have a request to set reverse DNS lookups on their tech support email page. I think that about says it all. =)

    --
    Interested in open source engine management for your Subaru?
  7. Re:CNAME records by SuiteSisterMary · · Score: 2

    No. By definition, a CNAME points to another hostname. Much like, by definition, a chocolate bar is primarily made of chocolate.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  8. CNAME records by dkemist · · Score: 3

    Are you just defining DNS A records for the IP address your ISP has given you? If that's the case, then the forward and reverse lookups wouldn't match. What you probably want to do is define a CNAME record for the domain name you want to the domain name they give you. i.e.
    ISP DNS has:
    ISPassignedHostname.isp.net. IN A 64.28.150.67
    and
    67.150.28.64.in-addr.arpa. IN PTR ISPassignedHostname.isp.net.

    You then add to your DNS:
    mydomain.com IN CNAME ISPassignedHostname.isp.net.

    When people try to hit your domain, the lookup will show the canonical name as the one assigned by the ISP. That's the one that reverse lookup checks will do. The CNAME is just letting you assign a handy alias to it.

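    The forward-confirmed check that rcw-work and dkemist describe, worked as an added example (not from any commenter): a constructed resolver table in Python holding A, PTR and CNAME records, a CNAME-following forward lookup, and the test that tcpd-style verification performs (does some PTR name for the address resolve back to that address?). The ISP hostname and address follow comment 8; mydomain.com, stale.example.net and the other values are constructed.

```python
import ipaddress

# Constructed zone data standing in for the resolver; keys are (owner, rtype)
# with owner names lower-cased and fully qualified. No real DNS lookups happen.
RECORDS = {
    # what the ISP publishes for the assigned address
    ("ispassignedhostname.isp.net.", "A"): ["64.28.150.67"],
    ("67.150.28.64.in-addr.arpa.", "PTR"): ["ispassignedhostname.isp.net."],
    # what the customer adds: a CNAME alias plus an extra A record of their own
    ("mydomain.com.", "CNAME"): ["ispassignedhostname.isp.net."],
    ("mail.mydomain.com.", "A"): ["64.28.150.67"],
    # a PTR whose target does not point back: the mismatch that fails the check
    ("9.100.51.198.in-addr.arpa.", "PTR"): ["stale.example.net."],
    ("stale.example.net.", "A"): ["203.0.113.5"],
}

def lookup(name, rtype):
    return RECORDS.get((name.lower(), rtype), [])

def canonical_name(name, max_hops=8):
    """Follow CNAME records until an owner with no CNAME is reached."""
    for _ in range(max_hops):
        target = lookup(name, "CNAME")
        if not target:
            return name.lower()
        name = target[0]
    raise ValueError("CNAME chain too long: " + name)

def forward_addresses(name):
    """A records for a name, resolved through any CNAME alias."""
    return lookup(canonical_name(name), "A")

def ptr_names(ip):
    """Reverse lookup: the PTR names published for ip."""
    return lookup(ipaddress.ip_address(ip).reverse_pointer + ".", "PTR")

def forward_confirmed(ip):
    """True if some PTR name for ip resolves back to ip (the tcpd-style test).
    Extra names pointing at ip, like mail.mydomain.com, never affect this."""
    return any(ip in forward_addresses(n) for n in ptr_names(ip))
```

Note that mail.mydomain.com resolving to the same address neither helps nor hurts: only the PTR name and its forward resolution are compared, exactly as comments 3 and 9 say.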
  9. Are you sure? by raju1kabir · · Score: 2
    When I want to give my server some reasonable name, I run into a DNS record mismatch. In other words, my DNS records do not match the reverse IP records set by my provider, and thus some nodes refuse to communicate with various services on my machine.

    The only thing that matters (and only occasionally) is that it has a reverse DNS entry that matches some forward DNS entry. It doesn't have to match whatever additional name(s) you gave it. And to the best of my knowledge, AT&T cable customers are assigned IP numbers with matching forward and reverse DNS.

    I'm thinking that you're just sad to learn that your machine doesn't show up in logs and wtmp with the name you want. As for that - which is unimportant at best - you're out of luck unless you go with a less mass-market provider. Others have suggested Speakeasy, and I'd agree.

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS