Wed Jun 5 07:25:24 UTC 2002

Brian Bergin <see_footer at> wrote:

> Trying to figure out how Reverse DNS works on the Internet.  We have
> connectivity from 3 providers and /24's from all of them.  2 of the providers
> allow us to provide RDNS using our internal DNS servers.  The 3rd provider
> claims it's not possible to do what the first 2 are doing.  So for example (IPs
> changed for security):

> Provider 1's /24 is:
> Provider 2's /24s are:
> Provider 3's /24's are:

> We provide RDNS for 1 & 2.  3 says it's not possible.  Does it not work this
> way:

3 probably do not _want_ you to do this.

What they need to do is to mail a delegation change to ARIN/RIPE/APNIC
where the /24 is delegated to your nameservers instead of the ISP.

I would push this hard, up to the line that you drop the
3rd provider if they do not comply!

> For any provider, they get addresses from ARIN, say and
> tell ARIN the authoritative DNS servers for that block.  Then, they can then
> setup DNS on their end for our 2 subnets that they've setup for us and point
> RDNS to us so that reverse resolution works like this:

For a full /24 it's simplest to re-delegate.

For the (few) ISPs that have a /16, they can delegate themselves. Which
provider are you talking about? (We all want to know so we
can avoid them.)

> A client computer makes RDNS request for, looks to root servers finds
> that on is authoritative for the parent block and
> sends the client there. doesn't know what the RDNS is for
> but knows that on is authoritative for
> and sends the client there. is then queried and
> returns:

> If that's not how it works, how are provider 1 & 2 doing this?  I just don't
> want to provide unsecured zone transfers to the ISP for these blocks.  We
> require secured updates, don't allow transfers to DNS servers not listed on the
> name servers page, and secondary servers hosted in another location transfer
> over a VPN link.  Thanks...
Brian Bergin

Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
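
The delegation discussed in this thread, as an added example that is not part of either poster's message: it derives the `in-addr.arpa` zone for a block, the NS records a parent-zone holder (registry or a /16-holding ISP) would publish to hand a /24 to the customer, and the referral chain a resolver follows. All addresses, zone sets and nameserver names are constructed placeholders.

```python
import ipaddress

def reverse_zone(cidr):
    """Return the in-addr.arpa zone name for an IPv4 block on an octet boundary."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        # Blocks that are not on an octet boundary do not map to a single zone.
        raise ValueError("only IPv4 /8, /16 and /24 blocks map to one reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def delegation(parent_cidr, child_cidr, nameservers):
    """NS records the holder of parent_cidr adds to delegate child_cidr's reverse zone.

    Delegation is only NS records in the parent zone: the parent never needs
    a zone transfer (AXFR) from the customer's servers.
    """
    parent = ipaddress.ip_network(parent_cidr)
    child = ipaddress.ip_network(child_cidr)
    if child == parent or not child.subnet_of(parent):
        raise ValueError("child block must be a strict subset of the parent block")
    pzone, czone = reverse_zone(parent_cidr), reverse_zone(child_cidr)
    owner = czone[: -len(pzone) - 1]  # owner label relative to the parent zone
    return pzone, [f"{owner} IN NS {ns}" for ns in nameservers]

def referral_chain(ip, zones):
    """Zones a resolver is referred through for ip's PTR, least to most specific."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return sorted(hits, key=len)

# Constructed sample data (documentation range 192.0.2.0/24, hypothetical names).
CUSTOMER_NS = ["ns1.customer.example.", "ns2.customer.example."]
DELEGATED_ZONES = {"in-addr.arpa.", "192.in-addr.arpa.",
                   "2.0.192.in-addr.arpa.", "100.51.198.in-addr.arpa."}

if __name__ == "__main__":
    # Registry-level re-delegation of a full /24 (parent is the /8 zone).
    zone, records = delegation("192.0.0.0/8", "192.0.2.0/24", CUSTOMER_NS)
    print(f"; add to zone {zone}")
    print("\n".join(records))
    # An ISP holding the /16 delegates the /24 from its own zone.
    zone, records = delegation("192.0.0.0/16", "192.0.2.0/24", CUSTOMER_NS)
    print(f"; add to zone {zone}")
    print("\n".join(records))
    print(referral_chain("192.0.2.10", DELEGATED_ZONES))
```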
