rDNS

Mark Andrews marka at isc.org
Fri Jan 20 20:54:58 UTC 2017


You have the netblock 162.202.233.80-162.202.233.87 (162.202.233.80/29).

When software performs a reverse lookup it constructs a DNS name
from the address like 80.233.202.162.in-addr.arpa.  Now as the
netblock is not a full /24 you either have to create 8 zones, one
for each PTR record, or provide records at those names which map
the lookups to new names.  The latter is what has been done here.
The technique is described in RFC 2317.

ATT has delegated a zone for the first address in the address block
to you.  That zone is called 80.233.202.162.in-addr.arpa.  It has
then added CNAME records to map lookups for the rest of the addresses
in your address block into this zone.

e.g.

81.233.202.162.in-addr.arpa. CNAME 81.80.233.202.162.in-addr.arpa.
...
86.233.202.162.in-addr.arpa. CNAME 86.80.233.202.162.in-addr.arpa.

The 80.233.202.162.in-addr.arpa zone should look like this.

$TTL 1h
@	SOA	ns1.archaxis.net. me.archaxis.net. (
		2017012002 ; Serial
		1h ; Refresh
		1h ; Retry
		4w ; Expire
		1h ) ; Negative caching TTL
	NS ns1.archaxis.net.
	NS ns2.archaxis.net.
	PTR network.archaxis.net.
81	PTR alpha.archaxis.net.
82	PTR bravo.archaxis.net.
87	PTR broadcast.archaxis.net.

I increased the expire field to 4 weeks as it was way too small.
Note the reverse for 162.202.233.80 is NOT mapped to a new name so
the PTR record for that address is at the zone's apex.  As all the
records had a TTL of 1 hour I set the default TTL to that value and
removed the per record setting of the TTL.  I also removed the class
field as that is inherited from the zone's declaration.

Don't forget to bump the zone's serial when you install it.

Once you have the above sorted out and have tested it, you now
need to slave the zone 233.202.162.in-addr.arpa as that contains
the CNAME records.  ATT should allow you to transfer it.  If they
don't, find an ISP that knows what they are doing.  You need a local
copy of the zone so that when your link goes down you can still do
reverse lookups.

zone "233.202.162.in-addr.arpa" {
	type slave;
	masters { 151.164.1.1; };
	file "233.202.162.in-addr.arpa";
};

Mark

In message <20170120162146.GA14356 at fantomas.sk>, Matus UHLAR - fantomas writes:
> On 20.01.17 09:57, Ron Wingfield wrote:
> >   I am having difficulty configuring reverse DNS. This has been a
> >   problem for over a year between my server(s) and my ISP, AT&T.
> >   Specifically, I cannot eMail to any recipient that requires rDNS
> >   verification, e.g., SBCglobal.net, Comcast.net, or AOL. Very
> >   frustrating.
>
> >   . . .why shouldn't this point to my server, 162.202.233.81 and not
> >   AT&T's?
>
> because reverse domains are also tracked from the DNS root:
>
> 233.202.162.in-addr.arpa.	7200	IN	SOA	ns1.swbell.net. postmaster.swbell.net. 2016061700 10800 900 604800 3600
>
> 81.233.202.162.in-addr.arpa.	7200	IN	CNAME	81.80.233.202.162.in-addr.arpa.
>
> >   I have coded my BIND 9 in-addr.arpa zone file as follows:
> >
> >   $ORIGIN 233.202.162.in-addr.arpa.
>
> Stop defining $ORIGIN in zone file. The $ORIGIN is taken from named "zone"
> statement.
>
> According to those above you have to configure zone
> 80.233.202.162.in-addr.arpa.
> and ask swbell.net to fetch it from you.
>
> >   $TTL 3h
> >   @ IN SOA ns1.archaxis.net. me.archaxis.net. (
> >    2017012002 ; Serial
> >    1h ; Refresh
> >    1h ; Retry
> >    1h ; Expire
> >    1h ) ; Negative caching TTL
> >
> >    3600 IN NS ns1.archaxis.net.
> >    3600 IN NS ns2.archaxis.net.
> >
> >   80 3600 IN PTR network.archaxis.net.
> >   81 3600 IN PTR alpha.archaxis.net.
> >   82 3600 IN PTR bravo.archaxis.net.
> >   87 3600 IN PTR broadcast.archaxis.net.
> >
> >   What is wrong? Is this my problem, or with AT&T?
>
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Spam is for losers who can't get business any other way.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
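
Added example, not part of the original message or of BIND: an offline Python check of the delegation described above. It derives the child zone name and the parent-zone CNAMEs for the /29, follows each reverse lookup through the CNAME into the child zone, and lists addresses that end without a PTR. The function names (classless_plan, resolve_ptr, missing_ptrs) are hypothetical; the record data is copied from the zone in the message.

```python
import ipaddress

def classless_plan(cidr):
    """Child zone name and parent-zone CNAMEs for the scheme in this thread."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block smaller than a /24")
    # The child zone is named after the first address in the block.
    child_zone = net.network_address.reverse_pointer + "."
    cnames = {}
    for addr in list(net)[1:]:  # the first address is the zone apex, no CNAME
        owner = addr.reverse_pointer + "."
        cnames[owner] = owner.split(".", 1)[0] + "." + child_zone
    return child_zone, cnames

def resolve_ptr(addr, cidr, child_records):
    """Follow reverse name -> CNAME (if any) -> PTR in the child zone, offline."""
    child_zone, cnames = classless_plan(cidr)
    qname = ipaddress.ip_address(addr).reverse_pointer + "."
    name = cnames.get(qname, qname)
    if name == child_zone:
        label = "@"
    elif name.endswith("." + child_zone):
        label = name[: -len(child_zone) - 1]
    else:
        return None  # address is outside the delegated block
    return child_records.get(label)

def missing_ptrs(cidr, child_records):
    """Addresses in the block whose reverse lookup ends without a PTR."""
    return [str(a) for a in ipaddress.ip_network(cidr)
            if resolve_ptr(str(a), cidr, child_records) is None]

# PTR records of the child zone as listed in the message above.
CHILD = {"@": "network.archaxis.net.", "81": "alpha.archaxis.net.",
         "82": "bravo.archaxis.net.", "87": "broadcast.archaxis.net."}
BLOCK = "162.202.233.80/29"

if __name__ == "__main__":
    zone, cnames = classless_plan(BLOCK)
    print("child zone:", zone)
    for owner, target in cnames.items():
        print(owner, "CNAME", target)
    print("no PTR:", missing_ptrs(BLOCK, CHILD))
```

Any address reported as having no PTR will fail a receiving mail server's rDNS check if mail is sent from it.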

