
I am trying to set up a PTR for reverse DNS so that mail that gets sent from my scripts doesn't get blocked due to reverse DNS failure. I believe my zone is set up correctly; however, me "thinking" it's correct and "knowing" it's correct are two separate things!

First, I have: mydomain.com

This domain lives on public IP: 1.2.3.4

My conf file in the bind configuration looks like:

// forward zone
zone "mydomain.com" {
    type master;
    file "/var/lib/bind/mydomain.com.hosts";
};

// reverse zone covering the single address 1.2.3.4
zone "4.3.2.1.in-addr.arpa" {
    type master;
    file "/var/lib/bind/mydomain.com.reverse.hosts";
};

The mydomain.com.reverse.hosts file contains:

$TTL 38400
@       IN  SOA  ns1.mydomain.com. zak.mydomain.com. (
            1502115400  ; serial
            10800       ; refresh
            3600        ; retry
            604800      ; expire
            38400 )     ; minimum (negative-cache TTL)
        IN  NS   ns1.mydomain.com.
        IN  NS   ns2.mydomain.com.

; the PTR itself, 1.2.3.4 -> mydomain.com.
4.3.2.1.in-addr.arpa.  3600  IN  PTR  mydomain.com.

Forward lookups work great, i.e. dig mydomain.com A and dig mydomain.com NS both bring up the respective (correct) A and NS records. The reverse lookup, however, isn't showing the PTR, i.e.:

zak@zak-webserver:~$ dig -x 1.2.3.4 PTR

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 1.2.3.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1796
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.  IN  PTR

Is my PTR record set up correctly? If so what are some checks I can do to find the failure point?

Zak
  • Do you manage the name servers for the reverse lookup DNS zone? My guess is no. The entity that manages the reverse lookup DNS zone (most likely your ISP) needs to create the PTR records. – joeqwerty Oct 26 '18 at 17:23

1 Answer


Your PTR record seems fine; you can verify that by running dig against your own DNS server.

However, that doesn't mean much as long as a DNS resolution starting at the root doesn't ultimately arrive at your DNS server.

Normally you have to ask the ISP that assigned your IP address to set up a PTR record for that address.

RalfFriedl
  • This isn't on an ISP .. It's with a cloud-based host company .. I own the DNS server (dedicated) and the web server as well -- Are you saying that I need to contact my cloud provider and do this on an ISP level? – Zak Oct 26 '18 at 17:30
  • Then the cloud-based host company has/is an ISP. They should have a process to set PTR records for their addresses. Your own DNS server alone doesn't mean anything. I also have my own DNS server. If I set a PTR for that address, what makes your DNS server better than mine? – RalfFriedl Oct 26 '18 at 18:00
  • Ahh Great point! So one last question, should I remove that record as to not conflict with their record should they create it for me? – Zak Oct 26 '18 at 18:14
  • Yes, you should remove that record as it has no effect. – RalfFriedl Oct 26 '18 at 18:39
  • @Zak - setting up PTR records has to be done by the registered "owner" of the netblock the IP is in. Which is why your own DNS server can do it on a private LAN using the 10/8, etc. networks/subnets but for a public IP it has to be the IP "owner". – ivanivan Oct 26 '18 at 20:06
  • I called and had them add the record and the `dig` now works as expected! I also removed the zone from my local DNS server for posterity .. Thanks for your help! – Zak Oct 26 '18 at 20:18
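The two checks the answer describes (what your own server answers, versus where the public tree actually sends a resolver) can be made repeatable. The script below is an added example, not code from the original question or answer. It assumes dig is installed, that the address sits in a /24 or larger netblock so the reverse zone has the plain 3.2.1.in-addr.arpa form (RFC 2317 classless delegations are not handled), and it reuses the post's placeholders 1.2.3.4 and ns1.mydomain.com, which are not real hosts.

```shell
#!/bin/sh
# Added example, not from the original question or answer: separate "what my
# BIND answers" from "who the public DNS tree delegates the reverse zone to".
# Assumptions: dig is installed; the address is in a /24 or larger block, so
# the reverse zone is a plain c.b.a.in-addr.arpa (RFC 2317 classless
# delegation is not handled); 1.2.3.4 and ns1.mydomain.com are the post's
# placeholders, not real hosts.

# Reverse name for a dotted-quad IPv4 address: 1.2.3.4 -> 4.3.2.1.in-addr.arpa.
# The body is a subshell so changing IFS does not leak into the caller.
reverse_name() (
    IFS=.
    set -- $1
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
)

# The zone the netblock owner normally holds: 1.2.3.4 -> 3.2.1.in-addr.arpa.
delegation_zone() (
    IFS=.
    set -- $1
    printf '%s.%s.%s.in-addr.arpa.\n' "$3" "$2" "$1"
)

# $1: NS names for the delegation zone, one per line (as dig +short prints
# them, with trailing dots); $2: your own server's name with trailing dot.
# Exit 0 if your server is among them. Pure string check, usable offline.
in_delegation() {
    printf '%s\n' "$1" | grep -qixF -- "$2"
}

# Live check: needs network access and dig.
#   1. what your own server answers for the PTR (the only part you control)
#   2. which servers the public tree delegates the /24 to
#   3. what a public resolver returns (what a receiving mail server sees)
# If step 2 does not name your server, steps 1 and 3 will disagree however
# correct the zone file is; the netblock owner has to publish the PTR.
check_ptr() {
    ip=$1; my_ns=$2
    rname=$(reverse_name "$ip")
    zone=$(delegation_zone "$ip")

    echo "== 1. answer from $my_ns for $rname"
    dig @"$my_ns" "$rname" PTR +short

    echo "== 2. servers the public tree delegates $zone to"
    public_ns=$(dig "$zone" NS +short)
    printf '%s\n' "$public_ns"
    if in_delegation "$public_ns" "$my_ns."; then
        echo "   $my_ns is in the delegation: check the zone file and serial on it"
    else
        echo "   $my_ns is NOT in the delegation: ask the netblock owner to set the PTR"
    fi

    echo "== 3. what the world sees (resolver from /etc/resolv.conf)"
    dig -x "$ip" +short
    echo "== full path from the root, to locate the failure point"
    dig -x "$ip" +trace
}

# Usage: sh check_ptr.sh 1.2.3.4 ns1.mydomain.com
if [ -n "$1" ] && [ -n "$2" ] && command -v dig >/dev/null 2>&1; then
    check_ptr "$1" "$2"
fi
```

The decision the thread arrives at is the in_delegation check: if the NS set the public tree publishes for the /24 does not include your own server, nothing in your local zone file is ever consulted, and the record there can be removed as RalfFriedl suggests. The +trace at the end shows the same thing step by step, from the root servers down to whichever server finally answers (or returns NXDOMAIN) for 4.3.2.1.in-addr.arpa.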