ALL ABOUT REVERSE DNS
everything you need to know to get reverse DNS working
OVERVIEW
This article tells you everything you need to know to
successfully purchase and use Nettica's Reverse DNS services. Consider it
required reading if you are interested in finally solving your reverse DNS
problems.
WHAT IS REVERSE DNS?
I'm sure you're wondering, what is reverse DNS? How is it
different from regular DNS? Regular (forward) DNS resolves a host name
to an IP address; reverse DNS does just the opposite: it resolves an IP address
to a host name. This is done through two completely different
mechanisms. With forward DNS you set up your name servers with your domain
registrar. With reverse DNS you must contact your ISP. This is
because reverse DNS uses a series of delegations from the root servers
to figure out the host name for a given IP address. At some point in the
chain of delegations, your ISP's DNS servers must handle the reverse DNS
lookup. They either handle it themselves, or delegate it again. This
is where Nettica comes in. We require your ISP to delegate your
IP address block to our servers. After that, you can easily manage the
reverse DNS for your IP address block range using our services.
Please ask your ISP if they can delegate reverse DNS before purchasing our
service.
WHO SHOULD PURCHASE OUR SERVICE?
We require you have a block of at least 8 addresses. If
you have "5 usable", you qualify. This is because you really have a block
of eight: two at the bottom of your range are unusable, as well as one at the
top.
IP ADDRESS BLOCK MATH
Let's assume you have the situation of 5 usable addresses out of
a block of 8. Your ISP tells you your block starts at a.b.c.82 and it's
used by your gateway (router). The math is fairly straightforward:
if your ISP allocates IP blocks efficiently, which almost all do, then for a
given subnet all addresses are allocated with the same block size. So if
you have a block of 8, you share a subnet with 32 other customers who also have
a range starting at something divisible by 8. In our example:
82 / 8 = 10 (integer division; discard the remainder)
10 * 8 (block size) = 80.
In our example, your IP block starts at a.b.c.80, not a.b.c.82
like the ISP said. This math will work the same for any IP address in
your range, and if you have a larger block, such as "13 usable", or 16, you
divide and multiply by 16 instead of 8.
BLOCK NAMING AND NETWORK SIZE
The block is important because there is a "best practice" for
reverse DNS naming conventions. Not all ISPs abide by it, but it is how
we set up your reverse DNS by default. We can handle just about any naming
convention an ISP can throw at us, but we prefer to do things right if at all
possible. The best-practice convention for classless reverse DNS naming
of the IP address a.b.c.d is:
d.block address-network size.c.b.a.in-addr.arpa
In our example, that would be:
82.80-29.c.b.a.in-addr.arpa
Notice there are two components, the block start
address, and the network size. Network size is very similar to a subnet
mask, but is in fact different because it differentiates the size of your
subnet. The table below lists sizes of various networks up to a full
class "C". We can handle any size network including class "C". If
you need services for a block larger than 128, contact support for custom
pricing information.
NETWORK SIZE
8 Addresses (/29)
16 Addresses (/28)
32 Addresses (/27)
64 Addresses (/26)
128 Addresses (/25)
256 Addresses (/24) (full class "C" network)
All of this is important because it determines how the ISP sets up their
delegation.
NS AND CNAME RECORDS
Finally, we come to the delegation. This is done using NS
(name server) and CNAME (alias) records in the zone file for your subnet, at
your ISP's authoritative name server. They should modify their zone file
to look like this:
80-29 IN NS DNS1.NETTICA.COM.
80-29 IN NS DNS2.NETTICA.COM.
80-29 IN NS DNS3.NETTICA.COM.
80-29 IN NS DNS4.NETTICA.COM.
80-29 IN NS DNS5.NETTICA.COM.
;
80 IN CNAME 80.80-29.c.b.a.in-addr.arpa.
81 IN CNAME 81.80-29.c.b.a.in-addr.arpa.
82 IN CNAME 82.80-29.c.b.a.in-addr.arpa.
83 IN CNAME 83.80-29.c.b.a.in-addr.arpa.
84 IN CNAME 84.80-29.c.b.a.in-addr.arpa.
85 IN CNAME 85.80-29.c.b.a.in-addr.arpa.
86 IN CNAME 86.80-29.c.b.a.in-addr.arpa.
87 IN CNAME 87.80-29.c.b.a.in-addr.arpa.
This is exactly how it should look if they
follow best practices. There are actually two formats for best practice:
using a dash ("-") or a slash ("/"). We support both methods; however,
by default we use the dash method. If your ISP delegates to us with a
dash, just contact Support and we will adjust your zone file appropriately.
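The block math, zone naming and delegation records described above can be generated and checked mechanically. The following is an added example, not Nettica's own code: the function names are illustrative, and 192.0.2.0/24 (a documentation range) stands in for a.b.c.

```python
import ipaddress

# Name servers as listed in the article's delegation example.
NETTICA_NS = [f"DNS{i}.NETTICA.COM." for i in range(1, 6)]

def block_for(ip, prefix):
    """Return the block containing `ip`; only sub-/24 blocks use this scheme."""
    if not 25 <= prefix <= 29:
        raise ValueError("this sketch covers the /25 through /29 blocks in the table")
    # strict=False masks off the host bits: .82 with /29 becomes .80
    return ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)

def zone_name(ip, prefix, sep="-"):
    """Child zone, e.g. 80-29.2.0.192.in-addr.arpa (sep may be '-' or '/')."""
    net = block_for(ip, prefix)
    a, b, c, start = str(net.network_address).split(".")
    return f"{start}{sep}{prefix}.{c}.{b}.{a}.in-addr.arpa"

def ptr_owner(ip, prefix, sep="-"):
    """Name at which the PTR record for `ip` lives inside the child zone."""
    return f"{ip.split('.')[3]}.{zone_name(ip, prefix, sep)}"

def delegation_records(ip, prefix, nameservers=NETTICA_NS, sep="-"):
    """Lines the ISP adds to its c.b.a.in-addr.arpa zone file."""
    net = block_for(ip, prefix)
    zone = zone_name(ip, prefix, sep)
    label = zone.split(".")[0]          # e.g. "80-29"
    lines = [f"{label} IN NS {ns}" for ns in nameservers]
    for addr in net:                    # every address, including first and last
        d = str(addr).split(".")[3]
        lines.append(f"{d} IN CNAME {d}.{zone}.")
    return lines

if __name__ == "__main__":
    print(ptr_owner("192.0.2.82", 29))
    print("\n".join(delegation_records("192.0.2.82", 29)))
```

Comparing this output with what the ISP actually publishes shows quickly whether they used the dash or slash form and whether every address in the block has its CNAME.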
COMPLETING THE DELEGATION
Unlike regular DNS, once your ISP sets up the delegation it normally does
not take 24 hours for the change to propagate. It only takes the
amount of time for their resource record to time out, usually a lot less than a
day.
SETTING UP REVERSE DNS USING NETTICA
Once you purchase your Reverse DNS service your zone is created
and you can begin setting up your service. At this point it's almost
trivial how easy it is to use. Just go to the zone and begin editing the
entries:
MANAGE REVERSE DNS
a.b.c.80/29
80-29.c.b.a.in-addr.arpa
The only special requirement at this point is that you need to
make sure your host record ("A" record) matches the IP address so your forward
and reverse DNS match. We do not require you use us for forward DNS, so
it's up to you to make sure the records are in sync.
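One way to audit that forward and reverse records agree across a whole block, as an added example rather than a Nettica tool: by default it queries the system resolver, and the sample PTR/A data below is constructed (192.0.2.0/24 and example.com are placeholders) so the check can be run offline.

```python
import ipaddress
import socket

def _ptr(ip):
    """PTR lookup via the system resolver; None if there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _a(host):
    """A lookup via the system resolver; empty set if the name does not resolve."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def audit_block(cidr, ptr_lookup=_ptr, a_lookup=_a):
    """Classify every address in `cidr` as ok / no-ptr / mismatch."""
    report = {}
    for addr in ipaddress.IPv4Network(cidr, strict=False):
        ip = str(addr)
        host = ptr_lookup(ip)
        if host is None:
            report[ip] = ("no-ptr", None)
        elif ip in a_lookup(host.rstrip(".")):
            report[ip] = ("ok", host)        # A record points back at the IP
        else:
            report[ip] = ("mismatch", host)  # PTR exists, forward disagrees
    return report

# Constructed sample data standing in for live DNS answers.
SAMPLE_PTR = {"192.0.2.82": "mail.example.com.", "192.0.2.83": "www.example.com."}
SAMPLE_A = {"mail.example.com": {"192.0.2.82"}, "www.example.com": {"192.0.2.99"}}

def sample_audit():
    """Run the audit over the constructed data instead of live DNS."""
    return audit_block("192.0.2.80/29", SAMPLE_PTR.get,
                       lambda h: SAMPLE_A.get(h, set()))

if __name__ == "__main__":
    for ip, (status, host) in sample_audit().items():
        print(ip, status, host or "-")
```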
SPECIAL CONSIDERATIONS
We can handle a variety of different naming conventions.
If your ISP uses a non-standard naming convention, have them set up their
delegation and we will match their configuration. We can handle just
about any convention.
If your ISP will only delegate to "your" name servers, and not
ours, contact Support and
we will help you solve that problem.
If for any reason we cannot solve your reverse DNS problem after
purchase, we will refund your purchase at your request.
CONCLUSION
You now know more than you ever wanted about Reverse DNS.
As you can see, we are experts in the field. We will be happy to help you
get your services up and running as we are the full service DNS
provider.