reverse DNS

**patrickbeyer** · 02-03-2008

I am trying to setup a DNS server to resolve domain names on the internet, a nameserver, I host a few websites and at the moment I'm paying someone else to host my DNS, I want to now do it myself on my server (running apache2, and vsftp on it already)

I am using SUSE, and BIND9 for the DNS, I have set everything up already but when I perform a DNS ticket update, they keep emailing me to say that the DNS is not delegated properly, and the following errors:

The Nameserver at 1.2.3.4 (server1.mydomain.co.za ??) does not appear
to have a reverse DNS entry. This means that this nameserver does not
comply with 'co.za' registration policies and can not currently be used.

Syntax/Cross-Checking provided info for Nameserver at 6a: server1.mydomain.co.za @ 1.2.3.4
IPv4: 1.2.3.4 ==> [WARN: No PTR records!]
FQDN: server1.mydomain.co.za ==> [WARN: No A records!]

I have tried to test the DNS from my side and I dont get these errors, I can also go into my browser on the server and type in mydomain.co.za and it resolves to my server, but it doesnt work from any other machines on the internet, even machines in my LAN.

Thanks
Pat

**Vinno** · 02-04-2008

Have you created a PTR entry?

**patrickbeyer** · 02-04-2008

This is what I did, I'm not sure if I missed something, firstly I setup the xone sections in named as follows:

zone "mydomain.co.za " {
type master;
file "zone/mydomain.co.za.zone";
};

zone "4.3.2.in-addr.arpa" in {
type master;
file "zone/4.3.2.zone";
};

then in my zone files I did the following:

$TTL 3D
mydomain.co.za. IN SOA server1.mydomain.co.za. root.mydomain.co.za. (
42 ; serial (d. adams)
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
server1 IN A 1.2.3.4
server2 IN A 1.2.3.4
@ IN NS server1.mydomain.co.za.
@ IN MX 10 server1.mydomain.co.za.
ftp IN CNAME server1
mail IN CNAME server1
www IN CNAME server1

$TTL 3D
@ IN SOA server1.mydomain.co.za. root.mydomain.co.za. (
42 ; serial (d. adams)
8H ; refresh
2H ; retry
4W ; expiry
1D ) ; minimum
IN NS server1.mydomain.co.za.
IN NS server2.mydomain.co.za.
server1 IN A 1.2.3.4
server2 IN A 1.2.3.5
66 IN PTR server1.mydomain.co.za.
67 IN PTR server2.mydomain.co.za.

then I stared named, I get no errors in the messages log file, everything appears to work when tested and accessed on the server, but I keep being sent the previously mentioned error emails.

**rcgreen** · 02-05-2008

Do you have a fixed IP address? If not, when people on the net
try to do a reverse lookup on your server, they will not get
your domain name, but that of your ISP. As a result, most people
will regard your name server as bogus.

**patrickbeyer** · 02-07-2008

Yes I do have a fixed IP, and I have tested it with vsftp and httpd, using the IP in the browser address bar, that side of things works.

Any other suggestions

**Lazydog** · 02-07-2008

Yes I do have a fixed IP, and I have tested it with vsftp and httpd, using the IP in the browser address bar, that side of things works.

By fixed I believe the other poster is referring to a Static Address, one that is not assigned via DHCP. What you did proves nothing as every IP Address on the internet you can plug into the browser and if there is a http server at that address it will connect.

Check with the ISP and ensure that they have delegated your IP Addresses to your server. If they have not done this then you will have to get them to host your reverse records for you. If they do not allow you to run your own server then they will not host or forward reverse requests to you.

Only options i see then are either buy a business class connection that allows you to do what you want to or move your servers off to a site where they will allow you to host your own or they host them for you.

Also I would suggest that you check your zones and configuration with

named-checkconfig
named-checkzone

It seems there are a lot of how-to's out there and none of then seem to tell you to check your work. MAN them to see how to use them.

**patrickbeyer** · 02-09-2008

I do have a business connection with fixed/static IP addresses, my machine does not connect to a DHCP server to get an address, I can restart everything at my place and it will still work on the same Static IP address.

Even though I do have static IP's, could there still be a problem on the ISP side of things?

Thanks for the tip on the zone checker, I will use that and see what happens

**Lazydog** · 02-17-2008

First sorry for the late reply.

If you ISP is not forwarding you the reverse lookups for you IP Addresses then you need to ask them if they can do this and/or have then host your reverse lookups for you.

**patrickbeyer** · 02-19-2008

Hi Robert

No worries about the delay, I get slightly overwhelmed at times too.

Is there anyway to test whether my ISP is forwarding the reverse lookups for my IP address? The ISP helpdesk is not very clued up and I have often been on the phone for several hours at a time trying to get through to somebody who knows how to help (I'm not joking about the several hours either) before I take that route I would like to check it myself if thats possible.

Thanks
Pat

**Lazydog** · 02-19-2008

I wold do a dig on the reverse lookup using their DNS server like this

Code:

DIG -x @<ISP> <IP>

Replace <ISP> with your ISP DNS Server
Replace <IP> with your IP Address

And see what that gives you. If it gives you something other then what you expect then you would be safe in saying that they do not forward reverse lookups for your IP.

Thread Tools

Display

reverse DNS

PTR entry

Fixed IP

Posting Permissions