
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Reverse DNS

From AAISP Support Site

About Reverse DNS

Normal (forward) DNS is a system that allows you to look up information about a domain/host name. For example, you might want to look up the IP address for the name my.firebrick.co.uk. To do this a normal DNS lookup is done for an A record called my.firebrick.co.uk and you get the answer 217.169.0.1. Reverse DNS is about finding a name for an IP address. The system is quite simple: the IP address is converted to a name and a lookup is done in the usual way. The record type for a reverse DNS lookup is a PTR record, not an A record.

Because of the way DNS works, control is delegated at each level: for my.firebrick.co.uk, the name servers for co.uk point to the name servers for firebrick.co.uk, and so on. This normally happens at only a couple of levels, but at any level control of the domains below it (i.e. with anything added to the start of the domain) can be delegated to a new name server.

With IP addresses the control is delegated the other way, e.g. 217.x.x.x is delegated to RIPE, and 217.169.0.x is delegated to AAISP. To allow DNS to be used to turn IP addresses into names, the reverse DNS name for an IP address is written backwards. For example, 217.169.0.1 is 1.0.169.217.in-addr.arpa. This means that 217.in-addr.arpa is delegated to RIPE and 0.169.217.in-addr.arpa is delegated to AAISP.

To delegate your IP addresses to you we have to find a way to delegate within the block of 256 addresses we have received from RIPE. Few customers have a complete block of 256 addresses. Those that do can simply be set up so that their own name servers are used in the delegation from RIPE. For anyone with fewer than 256 addresses we have to find a way to give you some of the addresses within a block - which DNS does not allow.


Have AAISP Manage the Reverse DNS

There are a number of ways to do this...

1. A+Reverse on a Domain We Host

Use this where you have a domain that we manage in our DNS, and want an IP we manage to refer to and from that name. To do this, create an A+reverse record in your domain DNS entries (instead of simply an A record). This automatically creates the corresponding reverse entry in our DNS, mapping the IP address back to the name. This is usually the simplest way to handle reverse DNS when you also have a domain with us.

If you do not have the domain with us, then we can add it specifically for adding reverse entries.

2. in-addr.arpa Zone

We can create the suitable in-addr.arpa zone on your account, and from within that you can add PTR records. Contact Support Staff for this.

3. Generic Per IP Block

On a per-IP basis support staff can add a name and we'll automatically create reverse records, e.g. if your block is 81.187.81.0/29 and we add the name hosts.testing.me.uk, then we'll create reverse records such as:

0.hosts.testing.me.uk
1.hosts.testing.me.uk
2.hosts.testing.me.uk
etc...

Contact Support Staff for this.

Delegating Reverse DNS to your servers

We have two main ways to solve this, and you can select which you prefer using the control pages. In both cases the task is to set up the name servers which you manage and which will give the answers for reverse DNS queries. The two Reverse DNS name server boxes on the control pages let you specify one or two of your name servers (by name, not by IP address). Don't put a dot on the end of the name though.

This setting is found on the control pages under the link to your Login.

Delegation by NS works by putting your name server in our DNS for each of your addresses. E.g. if you had 217.169.0.0-3 then we would put your name servers for each entry: 0.0.169.217.in-addr.arpa, 1.0.169.217.in-addr.arpa, 2.0.169.217.in-addr.arpa, 3.0.169.217.in-addr.arpa. This would mean you can create 4 separate zone files, each of which has the normal SOA records, etc., and a single PTR record with the name for that IP address. This is logically the correct way of doing it, as the reverse DNS zone is delegated at each level of control right down to the IP address level. It is rather tedious to set up lots of zone files though, especially if you have, say, 128 addresses.

Delegation by CNAME is a way to delegate a block of addresses to you so that you only have one zone file to worry about. The way this works is that we put a CNAME record for each address indicating that the answer is found under a different name. We then delegate that different name to your name servers. There are several ways to do this, but we use the system of first-last.restofzone.in-addr.arpa. E.g. if you had 217.169.0.0-3 we would delegate a zone 0-3.0.169.217.in-addr.arpa to your name server(s) and add CNAME entries for each IP, e.g. 1.0.169.217.in-addr.arpa with CNAME to 1.0-3.0.169.217.in-addr.arpa.
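
The two delegation styles described above, generated for a whole block. This is an added example, not AAISP's own tooling; the name servers (ns1.example.net, ns2.example.net) and the PTR targets (host-N.example.com) are constructed placeholders.

```python
import ipaddress

def reverse_name(ip):
    """217.169.0.1 -> 1.0.169.217.in-addr.arpa"""
    return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"

def block_parts(block):
    """Return (all addresses, enclosing /24 reverse zone) for a block smaller than a /24."""
    net = ipaddress.ip_network(block, strict=True)  # rejects misaligned blocks
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    addrs = list(net)  # every address in the block, first to last
    parent = reverse_name(addrs[0]).split(".", 1)[1]
    return addrs, parent

def delegate_by_ns(block, nameservers):
    """Provider-side records: one NS delegation per address (one zone each)."""
    addrs, _ = block_parts(block)
    return [f"{reverse_name(a)}. IN NS {ns}." for a in addrs for ns in nameservers]

def delegate_by_cname(block, nameservers):
    """Provider-side NS + CNAME records, and PTRs for the customer's single zone."""
    addrs, parent = block_parts(block)
    first = str(addrs[0]).rsplit(".", 1)[1]
    last = str(addrs[-1]).rsplit(".", 1)[1]
    zone = f"{first}-{last}.{parent}"  # the first-last.restofzone naming
    parent_records = [f"{zone}. IN NS {ns}." for ns in nameservers]
    child_records = []
    for a in addrs:
        octet = str(a).rsplit(".", 1)[1]
        parent_records.append(f"{reverse_name(a)}. IN CNAME {octet}.{zone}.")
        # Placeholder target: replace with the real host name for this address.
        child_records.append(f"{octet}.{zone}. IN PTR host-{octet}.example.com.")
    return zone, parent_records, child_records

if __name__ == "__main__":
    ns = ["ns1.example.net", "ns2.example.net"]  # constructed name servers
    print("; delegation by NS (provider side)")
    print("\n".join(delegate_by_ns("217.169.0.0/30", ns)))
    zone, parent, child = delegate_by_cname("217.169.0.0/30", ns)
    print(f"; delegation by CNAME (provider side), customer zone {zone}")
    print("\n".join(parent))
    print("; PTR records the customer serves from that one zone")
    print("\n".join(child))
```

A resolver asking for the PTR of 217.169.0.1 follows the CNAME into the 0-3 zone, so a missing or stale PTR there shows up as a failed reverse lookup even though the provider's records are intact.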

Auto reverse is a third option that works by filling in a PTR record for each IPv4 address and a corresponding forward A record as well, so that all of your IP addresses will have a valid reverse entry automatically. This is mainly for customers who are not interested in setting up any reverse entries but need something in place to avoid problems with some servers. If you also use A+reverse records in a domain then your IPs will have two PTR records, both valid.

Most ADSL customers will have a small block of IPs which they can delegate using CNAME if they want. However all ADSL lines also have a single IP address for the external (WAN) side of their ADSL router. This is always delegated as a single zone for the IP address.