[TriLUG] Reverse DNS

Aaron Joyner aaron at joyner.ws
Wed Apr 17 21:44:33 EDT 2013


On Wed, Apr 17, 2013 at 9:05 AM, Brian McCullough <bdmc at buadh-brath.com> wrote:

> On Wed, Apr 17, 2013 at 07:45:45AM -0400, Aaron S. Joyner wrote:
> > Joseph is precisely correct. They may delegate to you via CNAME, but you'll
> > still need their involvement.
>
> Thank you both.  I have passed Joseph's comment on to my friend so that
> he can contact the address range owner.
>
>
>
> > Try this command for a look into how it works (with your IP instead of the
> > RFC 1918 address below):
> >
> > $ dig +trace -x 10.0.0.10
>
> Interesting, sort of.
>
> When I did that, all I got was the root servers.
>
> When I did it with my own IP address, I got a PTR record from
> bellsouth.net.


Yep, that's what you'd expect.  The -x tells dig to do the "inversion" for
you, which is required to look up PTR records.  In other words, convert
1.2.3.4 into 4.3.2.1.in-addr.arpa., and look up that name.  The +trace
option tells dig to start at the root nameservers, and look up its way
down the stack until it finds an answer.  In this case, when it asked for
10.in-addr.arpa., the root servers said "Nope, we're authoritative for
that, and there's no answer." because that address is from one of the
RFC1918 blocks of addresses reserved for private use.

When you did the same command with your IP address (call it 1.2.3.4), it
showed you the chain of responsibility for your PTR record, starting with
the root, who delegates all of the 'in-addr.arpa.' domain, which then
delegates the Class A to arin.net, assuming you're in the US.  Note that
the nameserver has returned an answer for NS records for 1.in-addr.arpa.
That's just the first octet of your IP, e.g. the integer before the first
dot, appearing on the left.

arin.net delegates to the Class B, which is probably loosely related to
your IP (either it's your IP, or their provider).  To do this, it returns
NS records for 2.1.in-addr.arpa..  Note that the second octet of your IP,
the integer between the first and second dot, is now on the left, as we
proceed in the traditional DNS right-to-left fashion of delegation.

Depending on the size of your ISP, you might see another delegation to the
3rd octet, or you might just get an answer from that set of nameservers, in
the form of a PTR record and some authoritative NS records.  You might also
get back a CNAME, which points to some sensible forward-resolving domain
(e.g. a CNAME to 1.2.3.4.yourdomain.com), which would allow you to create a
PTR at 1.2.3.4.yourdomain.com and control what name is returned to clients.
I used to know a few of these off the top of my head I could give you as
an example to look at... but the ISP I worked for at the time has gone
under, so they're not resolvable any more.  That makes me kinda sad.  Like
sands through the hourglass, so are the days of our lives.

Aaron S. Joyner
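
Added example (not part of the original message): an offline Python walk of the lookup described above, covering the dig -x inversion, the right-to-left NS delegations, and a CNAME handing the PTR to a forward zone. The zone data is constructed; the *.example nameserver names and host.yourdomain.com are assumptions, and 1.2.3.4 / yourdomain.com are the message's own placeholders.

```python
import ipaddress

# Constructed sample records, not real DNS data. 1.2.3.4 and yourdomain.com are
# the message's placeholders; the *.example nameserver names are made up.
SAMPLE_ZONE = {
    "in-addr.arpa.": ("NS", "ns.arpa-operator.example."),
    "1.in-addr.arpa.": ("NS", "ns.registry.example."),
    "2.1.in-addr.arpa.": ("NS", "ns.isp.example."),
    "4.3.2.1.in-addr.arpa.": ("CNAME", "1.2.3.4.yourdomain.com."),
    "1.2.3.4.yourdomain.com.": ("PTR", "host.yourdomain.com."),
}

def reverse_name(ip):
    """The inversion dig -x performs: 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def zone_cuts(ip):
    """Names where a delegation can sit, in the order +trace reaches them."""
    octets = reverse_name(ip).split(".")[:4]          # ['4', '3', '2', '1']
    return [".".join(octets[i:] + ["in-addr", "arpa"]) + "." for i in range(4, -1, -1)]

def trace_ptr(ip, zone):
    """Return (chain, answer): NS delegations right to left, then CNAME/PTR."""
    if ipaddress.IPv4Address(ip).is_private:
        return [], None        # e.g. RFC 1918 space: no public delegation to follow
    chain = [(n, *zone[n]) for n in zone_cuts(ip) if zone.get(n, ("",))[0] == "NS"]
    name, seen = reverse_name(ip), set()
    while name in zone and name not in seen:          # 'seen' stops CNAME loops
        seen.add(name)
        rtype, target = zone[name]
        if rtype == "NS":
            break
        chain.append((name, rtype, target))
        if rtype == "PTR":
            return chain, target
        name = target                                 # CNAME: continue at the target
    return chain, None

if __name__ == "__main__":
    chain, answer = trace_ptr("1.2.3.4", SAMPLE_ZONE)
    for owner, rtype, target in chain:
        print(f"{owner:28} {rtype:6} {target}")
    print("answer:", answer)
```

The PTR that clients finally see lives in the forward zone, which is why whoever controls that zone controls the reverse name once the address range owner has published the CNAME.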


