
My dedicated IP: xx.xxx.xxx.59

Am I doing this correctly by having 2 PTR records (ns1 and domain) for my IP?

Reverse DNS Zone file 59.xxx.xxx.xx.in-addr.arpa.db

$TTL 86400
@       IN      SOA     ns1.example.com. admin.example.com. (
         2020040201     ; Serial
               3600     ; Refresh
               7200     ; Retry
            1209600     ; Expire
              86400 )   ; Negative Cache TTL

@       IN      NS              ns1.example.com.
@       IN      NS              ns2.example.com.

;Reverse lookup for Name Server
59      IN      PTR             ns1.example.com.

;PTR Record IP address to HostName
59      IN      PTR             example.com.

And my actual DNS zone:

$TTL 86400
@       IN      SOA     ns1.example.com. admin.example.com. (
         2020040201     ; Serial
               3600     ; Refresh
               7200     ; Retry
            1209600     ; Expire
              86400 )   ; Negative Cache TTL

; name servers - NS records
@       IN      NS              ns1.example.com.
@       IN      NS              ns2.example.com.

; name servers - A records
ns1.example.com.     IN      A               xx.xxx.xxx.59
ns2.example.com.     IN      A               xx.xxx.xxx.59

; All other A records
@       IN      A               xx.xxx.xxx.59
mail    IN      A               xx.xxx.xxx.59
www     IN      A               xx.xxx.xxx.59
@       IN      MX      10      mail.example.com.
@       IN      TXT             "v=spf1 a mx ip4:xx.xxx.xxx.59 ?all"

And my /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; xx.xxx.xxx.59; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; xx.xxx.xxx.0/24; };

        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "example.com" {type master; file "/var/named/example.com.db";};
zone "59.xxx.xxx.xx.in-addr.arpa" {type master; file "/var/named/59.xxx.xxx.xx.in-addr.arpa.db";};
  • I think I just realized something. Since the IP belongs to the server hosting provider, the PTR records must be handled on their side. And if this is correct, do I still need the reverse zone configuration on my side? – Myroslav Tedoski Apr 02 '20 at 16:51
  • It's easier to get your provider to handle reverse DNS. If you need control, you need to set up a separate zone (in in-addr.arpa space) in conjunction with the reverse provider. – davidgo Apr 03 '20 at 03:37

1 Answer


DNS servers do not require reverse DNS validation, so the value of the PTR record is not important to them. If your IP provider has not delegated the PTR zone for your IP address block, you will not need to configure PTR records.

It is possible for your provider to use a CNAME record to redirect PTR record requests to your domain. In that case you would need a PTR record in your domain's configuration. This is not normally done.

If you do need a specific PTR record, your IP provider will likely have a request mechanism you can use. Normally, this is only required for mail servers which require rDNS validity. (Unfortunately, many legitimate mail servers have invalid PTR records.)

IP delegations of less than a /24 network require the use of CNAME records to delegate PTR records to the IP holder. This is documented in RFC 2317, which describes classless in-addr.arpa delegation.

BillThor
  • Sorry for the downvote, but the talk of a CNAME indicates a lack of understanding of reverse delegation. Your statements about mail servers having invalid PTR records are dubious as well. PTR management is a little different to managing other DNS entries. – davidgo Apr 03 '20 at 03:35
  • @davidgo I have edited to include the relevant RFC for the CNAME mechanism. As to invalid PTR records, I run a mail server that logs invalid rDNS validations. A significant percentage of the domains sending valid (non-spam) email have PTR records that fail rDNS validation. The worst offenders tend to be large organizations which should be able to afford the expertise to get it right. – BillThor Apr 06 '20 at 05:25
  • @davidgo CNAME records exist (can exist) in the reverse tree as well as the forward one, there is nothing special there and BillThor is right, this is even codified (if little used in practice) by some RFC, and mostly works. I upvoted just to balance your downvote :-) – Patrick Mevzek Apr 07 '20 at 03:31