DNS question

KingGheedora

I'm a developer and I put in a request to my IT team to create reverse DNS lookup records for some of our mail relays. I understand the concept behind what RDNS does, but not sure about how the details are implemented.

So let's say I asked for rdns that would point IP aaa.bbb.ccc.ddd to somehost.mydomain.com

The IT guy responded saying he would create a reverse dns "zone" :

bbb.ccc.ddd.in-addr.arpa

and add the PTR records:

aaa.bbb.ccc.ddd.in-addr.arpa PTR to somehost1.mydomain.com


My question is, what is the "zone"? And what is the "in-addr.arpa" stuff, why does it need to be appended to the end of these IPs?


Another thing the IT guy said is "I believe a delegation will need to be entered at the parent zone (ccc.dd.in-addr.arpa)." What does this mean?
 

Red Squirrel

Basically a zone is a group of similar hosts. With a normal record, all subdomains of domain.com would be in a zone. So domain.com and domain2.com each have their own zone. www.domain.com would be a record in the domain.com zone.

With reverse DNS it's similar. All IPs in the 10.1.2.0/24 range will be in the 2.1.10 zone. (yes, it's reversed). The record would be something like (not using correct syntax) :

1: mail.somedomain.com
20: server1.servers.com
30: server2.servers.com

etc

So 10.1.2.1 = mail.somedomain.com, 10.1.2.20 = server1.servers.com and so on.

I believe you can have a reverse zone cover an entire class B or even A but I've only ever seen it used as class C. The in-addr.arpa appended at the end is just a standard notation for reverse records. It has a special meaning but I forget exactly. It's basically to tell the DNS server the record is not a normal domain name, as you could technically make a zone for a domain that's just a bunch of numbers.
 

imagoon

Reverse DNS is a bit tricky because more often than not, it is handled by the owners of the IP range, not the name owners. Inside a private network is easy since you control all that.

Reverse DNS is done this way (all numbers are examples):

"Name" will be 'Host IP number:' 143
FQN: 1.40.10.in-addr.arpa
Host name: Somehost.inyourdomain.local

That allows a DNS to handle the "What DNS entry is 10.40.1.143?" answer: Somehost.inyourdomain.local

On the open internet, these ranges are typically managed by your ISP who will register them as something mundane in most cases like 10-40-1-143.chicagoland.someisp.com. In that case the forward address (handled by you the name owner) won't match the reverse lookup (handled at ISP / IP range owner) and things that rely on it or say blacklist email don't work with it.

A zone is a fancy way to say "list." A DNS zone is all the information that the DNS server handles for that domain. I.e. the anandtech.com zone = anandtech.com and any other names they use like forums.anandtech.com. in-addr.arpa is the zone (like .com .net and .org) reserved for reverse DNS.
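
The naming scheme and the forward/reverse mismatch described above, as an added example that is not code from any poster in this thread. The function names are hypothetical, and the PTR and A record dictionaries are constructed sample data (reusing the example names from the thread) that stand in for real resolver answers so it runs offline.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record: octets reversed, under in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def reverse_zones(ip):
    """(/24 zone that holds the PTR, parent /16 zone that must delegate it)."""
    labels = ptr_name(ip).split(".")
    return ".".join(labels[1:]), ".".join(labels[2:])

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_mail_host(ip, claimed_host, ptr_records, a_records):
    """Compare reverse and forward DNS for a mail relay.

    ptr_records and a_records are plain dicts standing in for resolver
    answers (assumption: constructed data so the example runs offline).
    """
    names = [norm(n) for n in ptr_records.get(ptr_name(ip), [])]
    return {
        "ptr_names": names,
        # forward-confirmed: some PTR target has an A record back to ip
        "forward_confirmed": any(ip in a_records.get(n, []) for n in names),
        # the name the relay uses for itself is what the PTR returns
        "matches_claimed": norm(claimed_host) in names,
    }

# Constructed sample data reusing the example names from the thread.
IP = "10.40.1.143"
A_RECORDS = {"somehost.inyourdomain.local": [IP],
             "10-40-1-143.chicagoland.someisp.com": [IP]}
PTR_ISP_DEFAULT = {ptr_name(IP): ["10-40-1-143.chicagoland.someisp.com."]}
PTR_CUSTOM = {ptr_name(IP): ["Somehost.inyourdomain.local."]}

if __name__ == "__main__":
    zone, parent = reverse_zones(IP)
    print("PTR owner name:", ptr_name(IP))
    print("reverse zone:  ", zone, "(delegated from", parent + ")")
    for label, ptrs in (("ISP default", PTR_ISP_DEFAULT), ("custom", PTR_CUSTOM)):
        print(label, check_mail_host(IP, "somehost.inyourdomain.local", ptrs, A_RECORDS))
```

With the ISP's generic PTR the address still resolves both ways, but the name returned is not the one the relay uses for itself; only the custom PTR makes both checks pass.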

 

Emulex

Originally posted by: RadiclDreamer
Originally posted by: Emulex
http://www.bind9.net/manuals

read the book man.

Go back to the linux forums, we help people here, not simply tell them to RTFM...

no really read the book. otherwise more misinformation will flow.


dns isn't easy to a beginner. there are so many nuances that can roach a zone or make it behave improperly.

Zone delegation of a single C Class is not hard to do at all. otherwise you'd have to call your isp every time you wanted your reverse dns to match your host.

Don't forget to tell him how to register his two dns servers, on different subnets or carriers as well.

the bind book is a fantastic resource kinda like the sendmail book :) just have to plow through it as all aspects of dns intertwine.

in-addr.arpa is just some made up junk from arpanet days; dns has a lot of arbitrary methods that do not make a lot of sense.

Start stacking crap like Microsoft DNS with AD integration then things start to get really messy
 

Nothinman

Originally posted by: RadiclDreamer
Originally posted by: Emulex
http://www.bind9.net/manuals

read the book man.

Go back to the linux forums, we help people here, not simply tell them to RTFM...

Yea, screw that whole "teach a man to fish" myth!

the bind book is a fantastic resource kinda like the sendmail book

The bind book is better because unlike sendmail the config file syntax is easily readable. =)