Tuesday, 11 March 2014

Configuring Reverse DNS in BIND 9

Reverse DNS is the process of using DNS to translate IP addresses to hostnames. Reverse DNS is the opposite of Forward DNS, which is used to translate hostnames to IP addresses.

One way to see reverse DNS at work is nslookup, a tool available on most operating systems.
Let’s use `nslookup` to do a forward and reverse DNS lookup on redhat.com:
##FORWARD LOOKUP
[phil@ns1 ~]$ nslookup redhat.com
Server:         206.71.175.XX
Address:        206.71.175.XX#53
 
Non-authoritative answer:
Name:   redhat.com
Address: 209.132.177.50
##REVERSE LOOKUP
[phil@ns1 ~]$ nslookup 209.132.177.50
Server:         206.71.175.XX
Address:        206.71.175.XX#53
 
Non-authoritative answer:
50.177.132.209.in-addr.arpa     name = www.redhat.com.
 
Authoritative answers can be found from:
177.132.209.in-addr.arpa        nameserver = ns3.redhat.com.
177.132.209.in-addr.arpa        nameserver = ns2.redhat.com.
177.132.209.in-addr.arpa        nameserver = ns1.redhat.com.

Reverse DNS is set up by configuring PTR records (pointer records) on your DNS server. This differs from forward DNS, which is configured with A records (address records). Notice in the output above that the two are independent: the A record for redhat.com points at 209.132.177.50, but the PTR record for that address names www.redhat.com. Nothing forces a forward lookup and the matching reverse lookup to round-trip, which is why software that cares (mail servers in particular) compares the two explicitly.
Typically you or a DNS provider are in charge of forward DNS. For public addresses, reverse DNS is usually the responsibility of the ISP that allocated them: you send them the hostname for each IP and they set up the PTR records. If your ISP or hosting provider delegates the in-addr.arpa zone for your range to you, or you run private (RFC 1918) address space behind NAT that only you control, nobody else can answer for those addresses and you must serve the PTR records from your own DNS server. That is what this article covers.
Many systems administrators configure forward DNS but not reverse DNS. Most of the time things work fine, but some applications perform a reverse lookup on every connection, and when no PTR record exists, or the query goes to a server that will never answer for your range, each lookup waits for a timeout. That shows up as slow logins and slow connection setup, and a whole slew of other hard-to-diagnose delays.
Common applications and protocols such as IRC, SMTP, backup utilities and databases sometimes use reverse DNS.
It is best practice to configure reverse DNS from the outset to avoid troubleshooting headaches later.
Below is a quick example how-to.
Say you NAT private IPs in your network 192.168.0.0/24 (hosts 192.168.0.1-192.168.0.254).
STEP 1 Create a zone file where you store your zone files, named after the zone:
0.168.192.in-addr.arpa
(Write the network octets of your address space in reverse order, drop the host octet, and append .in-addr.arpa.)
Your zone file will look like this (between ##). The $TTL line is required by BIND 9 and is missing from many older examples; without it named rejects the zone:
#######
$TTL 86400                              ; default TTL for every record below

@       IN      SOA     ns1.yournameserver.com. root.domain.com. (
                2007040301      ; serial, bump it on every change (YYYYMMDDnn)
                14400           ; refresh
                3600            ; retry
                604800          ; expire
                10800           ; negative-caching TTL (minimum)
                )

; name servers for this zone (the owner is the zone itself, equivalent to "@")
0.168.192.in-addr.arpa.                IN      NS      ns1.yournameserver.com.
0.168.192.in-addr.arpa.                IN      NS      ns2.yournameserver.com.

; host octet -> hostname; targets end in "." so the zone origin is not appended
2               IN      PTR     blah1.domain.com.
3               IN      PTR     blah2.domain.com.
4               IN      PTR     blah3.domain.com.
5               IN      PTR     blah4.domain.com.
6               IN      PTR     blah5.domain.com.

########
The example zone file above stipulates the following mappings:
192.168.0.2 blah1.domain.com
192.168.0.3 blah2.domain.com
192.168.0.4 blah3.domain.com
192.168.0.5 blah4.domain.com
192.168.0.6 blah5.domain.com
The numbers 2-6 are the last octet of 192.168.0.x (the zone origin supplies the rest of the reversed address), and PTR is the pointer record type. Note the trailing dot on every hostname: without it BIND appends the zone name and you end up with blah1.domain.com.0.168.192.in-addr.arpa.
STEP 2 Enter the zone into your named.conf as you would a regular zone (named.boot is the old BIND 4 format; BIND 9 reads named.conf).
This goes into your master (primary) DNS server. In production also add an allow-transfer statement listing only your slave's address, so that anyone on the network cannot pull the whole zone and enumerate your hosts:
zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.in-addr.arpa";
allow-update { none; };
};
This goes into your slave (secondary) DNS server, with the master's IP address in place of the placeholder:
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "0.168.192.in-addr.arpa";
masters { whateveryourmasteripis; };
};
STEP 3
Voilà, if configured right you should be up and running. Before restarting, check the syntax with named-checkconf and named-checkzone (passing the zone name and file), then tail your log file when you restart named for any errors. Confirm the result with a reverse lookup against your own server (nslookup or dig -x on one of the addresses). Remember that for a private range your clients' resolvers must be your servers, or forward this zone to them, because no server on the internet will answer for 192.168.0.0/24.
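As an added example, not part of the original article, the script below automates STEP 1 and the check you would otherwise do by hand in STEP 3: it derives the in-addr.arpa zone name and PTR owner labels from a network (generalizing the /24 above to /16 and /8), renders a complete BIND 9 reverse zone from a forward hostname-to-address map, and runs a forward-confirmed reverse DNS check so that a stale PTR pointing at a renamed host is caught before a mail or SSH server trips over it. The FORWARD map, the hostmaster address and the serial are constructed sample data in the style of the article; the name servers are the article's placeholders.

```python
import ipaddress

# Constructed sample forward data matching the article's example hosts.
FORWARD = {
    "blah1.domain.com.": "192.168.0.2",
    "blah2.domain.com.": "192.168.0.3",
    "blah3.domain.com.": "192.168.0.4",
    "blah4.domain.com.": "192.168.0.5",
    "blah5.domain.com.": "192.168.0.6",
}


def reverse_zone_name(network):
    """in-addr.arpa zone name for an octet-aligned IPv4 network (/8, /16, /24):
    network octets reversed, host octets dropped.
    192.168.0.0/24 -> 0.168.192.in-addr.arpa, 10.0.0.0/8 -> 10.in-addr.arpa"""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip, network):
    """Owner name of ip's PTR record relative to the reverse zone of network:
    the remaining host octets, reversed.  192.168.0.5 in a /24 -> "5"."""
    net = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    host_octets = str(addr).split(".")[net.prefixlen // 8:]
    return ".".join(reversed(host_octets))


def build_reverse_zone(network, forward, primary_ns, secondary_ns,
                       hostmaster, serial, ttl=86400):
    """Render a BIND 9 zone file for the reverse of `network` from a map of
    fully qualified hostname -> IPv4 address.  Only hosts inside `network`
    are emitted; names carry a trailing dot so $ORIGIN is not appended."""
    net = ipaddress.ip_network(network, strict=True)
    zone = reverse_zone_name(network)
    lines = [
        f"$TTL {ttl}",                      # BIND 9 requires a default TTL
        f"$ORIGIN {zone}.",
        f"@   IN  SOA  {primary_ns} {hostmaster} (",
        f"        {serial}   ; serial (YYYYMMDDnn, bump on every change)",
        "        14400        ; refresh",
        "        3600         ; retry",
        "        604800       ; expire",
        "        10800        ; negative-caching TTL",
        "        )",
        f"@   IN  NS   {primary_ns}",
        f"@   IN  NS   {secondary_ns}",
    ]
    in_zone = [(n, a) for n, a in forward.items()
               if ipaddress.ip_address(a) in net]
    for name, addr in sorted(in_zone, key=lambda na: ipaddress.ip_address(na[1])):
        lines.append(f"{ptr_owner(addr, network):<8}IN  PTR  {name}")
    return "\n".join(lines) + "\n"


def fcrdns_mismatches(ptr, forward):
    """Forward-confirmed reverse DNS check: for every PTR (ip -> name) the
    name must have an A record pointing back at the same ip.  `ptr` and
    `forward` hold the data you would otherwise fetch with dig -x / dig A.
    Returns a list of (ip, name, reason) for every inconsistency."""
    problems = []
    for ip, name in ptr.items():
        back = forward.get(name)
        if back is None:
            problems.append((ip, name, "no A record for PTR target"))
        elif back != ip:
            problems.append((ip, name, f"A record points to {back}, not {ip}"))
    return problems


if __name__ == "__main__":
    print(build_reverse_zone("192.168.0.0/24", FORWARD,
                             "ns1.yournameserver.com.", "ns2.yournameserver.com.",
                             "hostmaster.domain.com.", 2014031101))
    # A stale PTR (host renamed, forward zone updated, reverse forgotten) is
    # the classic failure that FCrDNS-checking mail and SSH servers trip over.
    ptr = {a: n for n, a in FORWARD.items()}
    ptr["192.168.0.7"] = "old.domain.com."      # constructed stale entry
    for ip, name, why in fcrdns_mismatches(ptr, FORWARD):
        print(f"MISMATCH {ip} -> {name}: {why}")
```

Generate the forward map from your real A records (or a hosts inventory) rather than by hand, and run the mismatch check from cron against the output of dig -x and dig A for each address: a reverse zone drifts out of step with the forward zone the first time someone renames a host and forgets the PTR.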
