Reverse DNS
April 25, 2004 7:41 PM

How does reverse DNS work? [more inside, related to web hosting and anti-spam measures]

I have my own leased dedicated server with several sites on it, each with their own IP address. The server also acts as the primary and secondary DNS for each of these sites. I'm pretty comfortable with configuring the DNS and all works swimmingly.

An increasing number of email hosts reject email if there is not a valid reverse DNS lookup, it seems. In other words, the mydomain.com name points to 11.11.11.11, but not vice versa, and when the receiving server can't look up mydomain.com from 11.11.11.11, they reject the email.

I did some poking around, and it's apparently impossible for me to set this up, even though I control the primary and secondary DNS server. This is apparently something I need to get my web hosting company to do.

My question is this:
Is that true, and if so, why? Does the owner of an entire IP range (class C? class D?) have to set it up?

Thanks for any help, I'd like to be clear what I'm asking for before I talk to my web host.
posted by malphigian to Computers & Internet (4 answers total)
 
It's not a myth, and here is your explanation. If you look at the end of that page, it describes the sequence of events that comprise a reverse lookup, and your ISP (or whoever assigned you your IP numbers) plays a part. If you are 10.1.2.3, and your ISP doesn't have an entry for 3.2.1.10.in-addr.arpa, the lookup stops there, and you are screwed.

BTW, this is the third result listed when googling "reverse dns".

Simply ask for a reverse DNS entry. If they don't know what that is, you're not talking to the right people.
posted by i_am_joe's_spleen at 7:59 PM on April 25, 2004
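
The lookup described in the answer above, as an added example that is not part of the original thread: it builds the in-addr.arpa name a receiver queries and classifies the result. It goes one step beyond the thread by also confirming that the returned name resolves back to the same IP, which is an assumption about receiver policy; the sample records and the `sample_*` helpers are constructed for illustration.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried in a reverse lookup: 10.1.2.3 -> 3.2.1.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR names from the system resolver; empty list if the lookup stops short."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """Addresses the name resolves to; empty list if it does not resolve."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_reverse_dns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name): 'no-ptr', 'mismatch' or 'confirmed'."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)  # nobody upstream answers for this address
    for name in names:
        for addr in forward_lookup(name):
            if ipaddress.ip_address(addr.split("%")[0]) == want:
                return ("confirmed", name)  # PTR and forward record agree
    return ("mismatch", names[0])  # PTR exists but points at a name for another IP

# Constructed sample records (not real DNS data) so the demo runs offline.
SAMPLE_PTR = {"11.11.11.11": ["mydomain.com."], "192.0.2.9": ["other.example."]}
SAMPLE_FWD = {"mydomain.com": ["11.11.11.11"], "other.example": ["192.0.2.50"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

if __name__ == "__main__":
    for ip in ("11.11.11.11", "10.1.2.3", "192.0.2.9"):
        print(ip, ptr_name(ip), check_reverse_dns(ip, sample_ptr, sample_forward))
```

Calling `check_reverse_dns(ip)` with no resolver arguments uses the system resolver, which is how to test a sending IP after the hosting company adds the PTR record.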


Response by poster: Thanks, and sorry for failing the google test, I somehow missed that link. I'm generally pretty comfortable with anything technical (I've worked as a coder for 10 years) -- but for some reason, network stuff tends to leave me flustered. Must have psyched-out my google-fu.
posted by malphigian at 8:15 PM on April 25, 2004


Well, you can indeed run in-addr on your local DNS server just like you run forward DNS, if you have an entire subnet. You just need an ISP that is co-operative enough to pull the zone from you. Many don't/won't because it is a pain, in particular if it is less than a /24. Generally the smaller ISPs will be more willing, but your best bet is just contact the ISP and request the in-addr to be set up and not worry about hosting it.

You can do whois lookups on IP numbers using whois.arin.net to find out who maintains the in-addr zone files. For example

whois -h whois.arin.net 168.143.0.0
posted by stbalbach at 8:29 PM on April 25, 2004


It's worth noting that the Internet no longer uses classful addressing... e.g. "Class C" is no longer a correct term for a network with a 24-bit netmask. Furthermore, Class D and E were orthogonal to classes A-C... they were for multicast and reserved purposes, IIRC, but I'm probably wrong.
Now, address ranges are specified in terms of a prefix and a prefix length, specified as prefix/prefixlength. The prefix length specifies how many bits from the left are on in the netmask. Class A-sized blocks are /8's (10/8), B-sized blocks are /16's (192.168/16), and C-sized blocks are /24's (192.168.1.0/24). A single host is a /32 (192.168.1.1/32).
That's terribly incoherent, but.
posted by mote at 7:59 PM on April 26, 2004

