Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Slides:



Advertisements
Similar presentations
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
Advertisements

Web Server Administration
Web Server Administration Chapter 4 Name Resolution.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
DNS Domain name server – a server to translate IP aliases to addresses As you know, IP (internet protocol) works by providing every Internet machine with.
DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Reverse DNS.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
DNS Domain Name Service america.pcs.cnu.edu->
Recursive Server. Overview Recursive Service Root server list localhost in-addr.arpa named.conf.
The Domain Name System Unix System Administration Download PowerPoint Presentation.
Domain Name System: DNS
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
Module 12: Domain Name System (DNS)
Domain Name Services Oakton Community College CIS 238.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.
DNS and Active Directory Integration
Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Chapter 16 – DNS. DNS Domain Name Service This service allows client machines to resolve computer names (domain names) to IP addresses DNS works at the.
Domain Names System The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the.

The APNIC Whois Database Introduction and Usage. whois.apnic.net whois.ripe.netwhois.arin.net Server Unix Client ‘X’ Client Command Prompt / Web Interface.
DNS and C# SWE 344 Internet Protocols & Client Server Programming.
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Domain Name System HISTORY File hosts (the size of Internet became more than 1000.
DNS Concepts APNIC 16, Seoul, Korea 19, August 2003.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Chapter 17 Domain Name System
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
CITA 310 Section 1 Name Resolution (Textbook Chapter 4)
Chapter 16 – The Domain Name System (DNS) Presented by Shari Holstege Tuesday, June 18, 2002.
Secured Dynamic Updates. Caution Portions of this slide set present features that do not appear in BIND until BIND 9.3 –Snapshot code is available for.
Internet and Intranet Protocols and Applications Lecture 5 Application Protocols: DNS February 20, 2002 Joseph Conron Computer Science Department New York.
Module 2 Zone Files. Objective Understand the idea of a zone and how it relates to a domain name understand zone file structure Understand the major Resource.
1 Kyung Hee University Chapter 18 Domain Name System.
Configuring Name Resolution and Additional Services Lesson 12.
Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.
1 Domain Name System (DNS). 2 3 How DNS Works Application Transport Internet Network Application Transport Internet Network DNS Resolver Name Server.
REVERSE DNS Why and how AFRINIC-II Maputo,Mozambique 26 April 2005 Alain AINA.
1 Internet Network Services. 2 Module - Internet Network Services ♦ Overview This module focuses on configuring and customizing the servers on the network.
Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.
DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address.
Linux Operations and Administration
DNS/Proxy Babu Ram Dawadi. Introduction - DNS Domain Name Server Domain Name Server –programs that store information about the domain name space –largest.
Web Server Administration Chapter 4 Name Resolution.
1 CMPT 471 Networking II DNS © Janice Regan,
OPTION section It is the first section of the named.conf User can use only one option statement and many option-value pair under the section. Syntax is.
2/26/2003 Lecture 4 Computer System Administration Lecture 4 Networking Startup/DNS.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.
Aug 2008 KRNIC of NIDA KRNIC Updates.
Internet Naming Service: DNS* Chapter 5. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the.
WHAT IS DNS??????????.
AfNOG-2003 Domain Name System (DNS) Ayitey Bulley Setting up an Authoritative Name Server.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
1 Internet Service DNS & BIND OPS335 Seneca College of Applied Technology.
DNS and Inbound Load Balancing
DNS Domain name server a server to translate IP aliases to addresses
Networking Applications
IMPLEMENTING NAME RESOLUTION USING DNS
Configuring and Troubleshooting DNS
DNS and Bind Presenter David Wood
TURN Server Auto Discovery draft-patil-tram-turn-serv-disc-01
APNIC Open Policy Meeting
Domain Name System Introduction And Overview
A New Approach to DNS Security (DNSSEC)
Presentation transcript:

Reverse DNS

Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures

What is ‘Reverse DNS’? ‘Forward DNS’ maps names to numbers –svc00.apnic.net -> ‘Reverse DNS’ maps numbers to names – > svc00.apnic.net

Reverse DNS - why bother? Service denial That only allow access when fully reverse delegated eg. anonymous ftp Diagnostics Assisting in trace routes etc SPAM identifications Registration Responsibility as a member and Local IR

In-addr.arpa Hierarchy of IP addresses –Uses ‘in-addr.arpa’ domain INverse ADDRess IP addresses: –Less specific to More specific Domain names: –More specific to Less specific delhi.vsnl.net.in –Reversed in in-addr.arpa hierarchy in-addr.arpa

Principles Delegate maintenance of the reverse DNS to the custodian of the address block Address allocation is hierarchical –LIRs/ISPs -> Customers -> End users

whois Root DNS Principles – DNS tree net edu com au whois apnic arpa in-addr.202.arpa - Mapping numbers to names - ‘reverse DNS’ RIR 64 ISP 22 Customer in-addr

Creating reverse zones Same as creating a forward zone file –SOA and initial NS records are the same as normal zone –Main difference need to create additional PTR records Can use BIND or other DNS software to create and manage reverse zones –Details can be different

Creating reverse zones - contd Files involved –Zone files Forward zone file –e.g. db.domain.net Reverse zone file –e.g. db –Config files –Other Hints files etc. –Root.hints

Start of Authority (SOA) record CLASS SOA ( ) in-addr.arpa.

Pointer (PTR) records Create pointer (PTR) records for each IP address or in-addr.arpa. IN PTR svc00.apnic.net. 131 IN PTR svc00.apnic.net.

A reverse zone example Note trailing dots $ORIGIN IN SOA test.company.org. ( sys\.admin.company.org ; serial 1h; refresh 30M; retry 1W; expiry 3600 ); neg. answ. ttl NSns.company.org. NSns2.company.org. 1PTRgw.company.org. router.company.org. 2PTRns.company.org. ;auto generate: 65 PTR host65.company.org $GENERATE $ PTR host$.company.org.

What we covered so far Why Reverse DNS ? The DNS tree ? Files involved Essential Resource Records How to create reverse zones

Setting up the primary nameserver Add an entry specifying the primary server to the named.conf file –Ex: in-addr.arpa. –Define the name server as the primary –location of the file that contains the zone records zone " " in { type master; file " "; };

Setting up the secondary nameserver Add an entry specifying the primary server to the named.conf file defines the name server as the secondary is the IP address of the primary name server is same as before is where the back-up file is zone " " in { type slave; file " "; Masters { ; }; };

Reverse delegation requirements /24 Delegations Address blocks should be assigned/allocated At least two name servers /16 Delegations Same as /24 delegations APNIC delegates entire zone to member Recommend APNIC secondary zone < /24 Delegations Read “classless in-addr.arpa delegation” RFC 2317

APNIC & ISPs responsibilities APNIC –Manage reverse delegations of address block distributed by APNIC –Process members requests for reverse delegations of network allocations ISPs –Be familiar with APNIC procedures –Ensure that addresses are reverse-mapped –Maintain nameservers for allocations Minimise pollution of DNS

Subdomains of in-addr.arpa domain Subnetting on an Octet Boundary –Similar to delegating subdomains of forward-mapping domains Mapping problems –In IPv4 the mapping is done on 8 bit boundaries (class full), address allocation is classless –Zone administration does not always overlap address administration

Subdomains of in-addr.arpa domain Example: an organisation given a /16 – /16 (one zone file and further delegations to downstreams) – in-addr.arpa zone file should have: in-addr.arpa. NS ns1.organisation0.com in-addr.arpa. NS ns2.organisation0.com in-addr.arpa. NS ns1.organisation1.com in-addr.arpa. NS ns2.organisation1.com in-addr.arpa. NS ns1.organisation2.com in-addr.arpa. NS ns2.organisation2.com. :

Subdomains of in-addr.arpa domain Example: an organisation given a /20 – /20 (a lot of zone files!) – have to do it per /24) –Zone files in-addr.arpa in-addr.arpa in-addr.arpa. : in-addr.arpa.

Subdomains of in-addr.arpa domain Example: case of a /24 subnetted with the mask –In-addr zone – in-addr.arpa –Subnets / / / /26 –If different organisations has to manage the reverse-mapping for each subnet Solution to follow…

Classless in-addr for /24 CNAME records for each of the domain names in the zone –Pointing to domain names in the new subdomains $ORIGIN in-addr.arpa NS ns1.organisation1.com NS ns2.organisation1.com. 1 CNAME CNAME NS ns1.organisation2.com NS ns2.organisation2.com. 65 CNAME CNAME

Classless in-addr for /24 Using $GENERATE (db file) $ORIGIN in-addr.arpa NS ns1.organisation1.com NS ns2.organisation1.com. $GENERATE 1-63$ CNAME $ NS ns1.organisation2.com NS ns2.organisation2.com. $GENERATE $ CNAME $

Classless in-addr for /26 Now, the zone data file for in- addr.arpa can contain just PTR records for IP addresses through $ORIGIN in-addr.arpa. $TTL SOA ns1.organisation1.com. Root.ns1.organisation1.com. ( 1; Serial 3h; Refresh 1h; Retry 1w; Expire 1h ); Negative caching TTL NS ns1.organisation1.com. NSns2.organisation1.com. 1PTR org1-name1.organisation1.com. 2PTR org1-name2.organisation1.com. 3PTR org1-name3.organisation1.com.

APNIC reverse delegation procedures Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer –Gives member direct control Standard APNIC database object, –can be updated through online form or via . Nameserver/domain set up verified before being submitted to the database. Protection by maintainer object –(current auths: CRYPT-PW, PGP). Zone file updated 2-hourly

APNIC reverse delegation procedures Complete the documentation On-line form interface –Real time feedback –Gives errors, warnings in zone configuration serial number of zone consistent across nameservers nameservers listed in zone consistent –Uses database ‘domain’ object

Whois domain object domain: in-addr.arpa descr: in-addr.arpa zone for in-addr.arpa admin-c: DNS3-AP tech-c: DNS3-AP zone-c: DNS3-AP nserver: ns.telstra.net nserver: rs.arin.net nserver: ns.myapnic.net nserver: svc00.apnic.net nserver: ns.apnic.net mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-DNS-AP changed: source: APNIC Reverse Zone Contacts Name Servers Maintainers (protection)

What we covered so far Why Reverse DNS ? The DNS tree Files involved Essential Resource Records How to create reverse zones Setting up nameservers – config files APNIC reverse delegation requirements Classless in-addr.arpa APNIC reverse delegation procedures

Questions ?

References

DNS and BIND by Paul Albitz & Cricket Liu –O’Reilly Request Forms Classless Delegations Common DNS configuration errors

Domain name structure and delegation Domain administrators operations guide Taking care of your domain ftp://ftp.ripe.net/ripe/docs/ripe-114.txt Tools for DNS debugging

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.