PTR Record Not Showing in Dig Request: Troubleshooting Guide

binddns-zonereverse-dns

I am trying to set up a PTR for reverse DNS so that mail that gets sent from me scripts doesn't get blocked due to reverse DNS failure. I beleive my zone is set up correctly, however me "thinking" it's correct and "knowing" it's correct are 2 seperate things!

First, I have: mydomain.com

This domain lives on public IP: 1.2.3.4

My conf file in the bind configuration looks like:

zone "mydomain.com" {
         type master;
         file "/var/lib/bind/mydomain.com.hosts";
         };

zone "4.3.2.1.in-addr.arpa" {
    type master;
    file "/var/lib/bind/mydomain.com.reverse.hosts";
    };

The mydomain.com.reverse.hosts file contains:

$ttl 38400
@                      IN          SOA      ns1.mydomain.com. zak.mydomain.com. (
                            1502115400
                            10800
                            3600
                            604800
                            38400 )
                       IN       NS      ns1.mydomain.com.
                       IN       NS      ns2.mydomain.com.

4.3.2.1.in-addr.arpa.  3600      IN       PTR     mydomain.com.

Forward lookups work great — IE dig mydomain.com A and dig mydomain.com NS both bring up the respective (correct) A and NS records. The reverse lookup however isn't showing the PTR. IE:

zak@zak-webserver:~$ dig -x 1.2.3.4 PTR

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 1.2.3.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1796
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.  IN  PTR

Is my PTR record set up correctly? If so what are some checks I can do to find the failure point?

Best Answer

Your PTR record seems fine, you can verify that by running dig against your own DNS server.

However that doesn't mean much as long as a DNS resolution starting at the root dosn't ultimately arrive at your DNS server.

Normally you have to ask the ISP that assigned your IP address to set up a PTR record for that address.

Related Solutions

BIND – How to Set Up Wildcard DNS

Your origin for the zone is . per your configuration. You are creating records for ns1. and ns2. instead of ns1.example.com. and ns2.example.com. Since ns1.example.com and ns2.example.com aren't defined, they are matched by the wildcard.

EDIT: here's an edit of your config and zone:

zone "example.com." {
        type master;
        file "ext.zone";
};

ext.zone:

$TTL    3600
@       IN      SOA     ns1 root (
                              1         ; Serial
                         3600         ; Refresh
                          300         ; Retry
                         3600         ; Expire
                         300 )        ; Negative Cache TTL


        IN      NS      ns1
        IN      NS      ns2
        IN      A       192.0.2.6


ns1     IN      A       192.0.2.4
ns2     IN      A       192.0.2.5

*      IN      A       192.0.2.6

Everything in the zone is relative to the zone name in the named configuration, so adding a second zone just points to the same file:

zone "example.net." {
    type master;
    file "ext.zone";
};

Global Reverse DNS look-ups not working

You've set it up correctly on your server, but your server is not marked as authoritative for 123.5.253.159.in-addr.arpa. Your reverse DNS is managed by your ISP (the whole 5.253.159.in-addr.arpa zone):

; <<>> DiG 9.7.3-P3 <<>> ns 5.253.159.in-addr.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43579
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;5.253.159.in-addr.arpa.        IN  NS

;; ANSWER SECTION:
5.253.159.in-addr.arpa. 86010   IN  NS  ns3.uxw.nl.
5.253.159.in-addr.arpa. 86010   IN  NS  ns4.uxw.nl.

You have 2 solutions to solve that:

ask your ISP to define the 123.5.253.159.in-addr.arpa record for you on their DNS (ns3.uxw.nl and ns4.uxw.nl),
ask your ISP to delegate the 123.5.253.159.in-addr.arpa record to your server, as per the RFC 2317, this is just a matter of defining a CNAME pointing to a new record on a new zone on your DNS (you then have to define this special zone on your DNS, your ISP will tell you how to name this new zone).

First solution is probably the quickest, but if you change your server's name in the future, you've got to ask them to change it again. Second solution is the most flexible, if your ISP is willing to support RFC 2317. If your ISP is providing you with more than a single address, reverse DNS can be delegated for all of them (the whole range) so you can be in charge. I'd recommend you to ask for that.

This similar question is worth reading.

Trivia: a few years ago (5, or 10 years back), some people were advocating against RFC-2317, because some DNS clients couldn't handle the reverse queries well. However, I don't think that is relevant anymore, RFC-2317 exists for about 15 years now.

Best Answer

Related Solutions

BIND – How to Set Up Wildcard DNS

Global Reverse DNS look-ups not working

Related Topic