Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Published byMarshall Mason Modified over 9 years ago

Similar presentations

Presentation on theme: "Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures."— Presentation transcript:

1 Reverse DNS

2 Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures

3 What is ‘Reverse DNS’? ‘Forward DNS’ maps names to numbers –svc00.apnic.net -> 202.12.28.131 ‘Reverse DNS’ maps numbers to names –202.12.28.131 -> svc00.apnic.net

4 Reverse DNS - why bother? Service denial That only allow access when fully reverse delegated eg. anonymous ftp Diagnostics Assisting in trace routes etc SPAM identifications Registration Responsibility as a member and Local IR

5 In-addr.arpa Hierarchy of IP addresses –Uses ‘in-addr.arpa’ domain INverse ADDRess IP addresses: –Less specific to More specific 210.56.14.1 Domain names: –More specific to Less specific delhi.vsnl.net.in –Reversed in in-addr.arpa hierarchy 14.56.210.in-addr.arpa

6 Principles Delegate maintenance of the reverse DNS to the custodian of the address block Address allocation is hierarchical –LIRs/ISPs -> Customers -> End users

7 whois Root DNS Principles – DNS tree net edu com au whois apnic arpa 22.64.in-addr.202.arpa - Mapping numbers to names - ‘reverse DNS’ 202 203 210 211.. 202 RIR 64 ISP 22 Customer in-addr

8 Creating reverse zones Same as creating a forward zone file –SOA and initial NS records are the same as normal zone –Main difference need to create additional PTR records Can use BIND or other DNS software to create and manage reverse zones –Details can be different

9 Creating reverse zones - contd Files involved –Zone files Forward zone file –e.g. db.domain.net Reverse zone file –e.g. db.192.168.254 –Config files –Other Hints files etc. –Root.hints

10 Start of Authority (SOA) record CLASS SOA ( ) 253.253.192.in-addr.arpa.

11 Pointer (PTR) records Create pointer (PTR) records for each IP address or 131.28.12.202.in-addr.arpa. IN PTR svc00.apnic.net. 131 IN PTR svc00.apnic.net.

12 A reverse zone example Note trailing dots $ORIGIN 1.168.192.in-addr.arpa. @3600 IN SOA test.company.org. ( sys\.admin.company.org. 2002021301; serial 1h; refresh 30M; retry 1W; expiry 3600 ); neg. answ. ttl NSns.company.org. NSns2.company.org. 1PTRgw.company.org. router.company.org. 2PTRns.company.org. ;auto generate: 65 PTR host65.company.org $GENERATE 65-127 $ PTR host$.company.org.

13 What we covered so far Why Reverse DNS ? The DNS tree ? Files involved Essential Resource Records How to create reverse zones

14 Setting up the primary nameserver Add an entry specifying the primary server to the named.conf file –Ex: 28.12.202.in-addr.arpa. –Define the name server as the primary –location of the file that contains the zone records zone " " in { type master; file " "; };

15 Setting up the secondary nameserver Add an entry specifying the primary server to the named.conf file defines the name server as the secondary is the IP address of the primary name server is same as before is where the back-up file is zone " " in { type slave; file " "; Masters { ; }; };

16 Reverse delegation requirements /24 Delegations Address blocks should be assigned/allocated At least two name servers /16 Delegations Same as /24 delegations APNIC delegates entire zone to member Recommend APNIC secondary zone < /24 Delegations Read “classless in-addr.arpa delegation” RFC 2317

17 APNIC & ISPs responsibilities APNIC –Manage reverse delegations of address block distributed by APNIC –Process members requests for reverse delegations of network allocations ISPs –Be familiar with APNIC procedures –Ensure that addresses are reverse-mapped –Maintain nameservers for allocations Minimise pollution of DNS

18 Subdomains of in-addr.arpa domain Subnetting on an Octet Boundary –Similar to delegating subdomains of forward-mapping domains Mapping problems –In IPv4 the mapping is done on 8 bit boundaries (class full), address allocation is classless –Zone administration does not always overlap address administration

19 Subdomains of in-addr.arpa domain Example: an organisation given a /16 –192.168.0.0/16 (one zone file and further delegations to downstreams) –168.192.in-addr.arpa zone file should have: 0.168.192.in-addr.arpa. NS ns1.organisation0.com. 0.168.192.in-addr.arpa. NS ns2.organisation0.com. 1.168.192.in-addr.arpa. NS ns1.organisation1.com. 1.168.192.in-addr.arpa. NS ns2.organisation1.com. 2.168.192.in-addr.arpa. NS ns1.organisation2.com. 2.168.192.in-addr.arpa. NS ns2.organisation2.com. :

20 Subdomains of in-addr.arpa domain Example: an organisation given a /20 –192.168.0.0/20 (a lot of zone files!) – have to do it per /24) –Zone files 0.168.192.in-addr.arpa. 1.168.192.in-addr.arpa. 2.168.192.in-addr.arpa. : 15.168.192.in-addr.arpa.

21 Subdomains of in-addr.arpa domain Example: case of a /24 subnetted with the mask 255.255.255.192 –In-addr zone – 254.253.192.in-addr.arpa –Subnets 192.253.254.0/26 192.253.254.64/26 192.253.254.128/26 192.253.254.192/26 –If different organisations has to manage the reverse-mapping for each subnet Solution to follow…

22 Classless in-addr for 192.253.254/24 CNAME records for each of the domain names in the zone –Pointing to domain names in the new subdomains $ORIGIN 254.253.192.in-addr.arpa. 0-63 NS ns1.organisation1.com. 0-63 NS ns2.organisation1.com. 1 CNAME 1.0-63 2CNAME 2.0-63 64-127 NS ns1.organisation2.com. 64-127 NS ns2.organisation2.com. 65 CNAME 65.64-127 66CNAME 66.64-127

23 Classless in-addr for 192.253.254/24 Using $GENERATE (db.192.253.254 file) $ORIGIN 254.253.192.in-addr.arpa. 0-63 NS ns1.organisation1.com. 0-63 NS ns2.organisation1.com. $GENERATE 1-63$ CNAME $.0-63 64-127 NS ns1.organisation2.com. 64-127NS ns2.organisation2.com. $GENERATE 65-127$ CNAME $.64-127

24 Classless in-addr for 192.253.254.0/26 Now, the zone data file for 0-63.254.253.192.in- addr.arpa can contain just PTR records for IP addresses 192.253.254.1 through 192.253.154.63 $ORIGIN 0-63.254.253.192.in-addr.arpa. $TTL 1d @ SOA ns1.organisation1.com. Root.ns1.organisation1.com. ( 1; Serial 3h; Refresh 1h; Retry 1w; Expire 1h ); Negative caching TTL NS ns1.organisation1.com. NSns2.organisation1.com. 1PTR org1-name1.organisation1.com. 2PTR org1-name2.organisation1.com. 3PTR org1-name3.organisation1.com.

25 APNIC reverse delegation procedures Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer –Gives member direct control Standard APNIC database object, –can be updated through online form or via email. Nameserver/domain set up verified before being submitted to the database. Protection by maintainer object –(current auths: CRYPT-PW, PGP). Zone file updated 2-hourly

26 APNIC reverse delegation procedures Complete the documentation http://www.apnic.net/db/domain.html On-line form interface –Real time feedback –Gives errors, warnings in zone configuration serial number of zone consistent across nameservers nameservers listed in zone consistent –Uses database ‘domain’ object

27 Whois domain object domain: 28.12.202.in-addr.arpa descr: in-addr.arpa zone for 28.12.202.in-addr.arpa admin-c: DNS3-AP tech-c: DNS3-AP zone-c: DNS3-AP nserver: ns.telstra.net nserver: rs.arin.net nserver: ns.myapnic.net nserver: svc00.apnic.net nserver: ns.apnic.net mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-DNS-AP changed: inaddr@apnic.net 19990810 source: APNIC Reverse Zone Contacts Name Servers Maintainers (protection)

28 What we covered so far Why Reverse DNS ? The DNS tree Files involved Essential Resource Records How to create reverse zones Setting up nameservers – config files APNIC reverse delegation requirements Classless in-addr.arpa APNIC reverse delegation procedures

29 Questions ?

30 References

31 DNS and BIND by Paul Albitz & Cricket Liu –O’Reilly Request Forms http://www.apnic.net/db/revdel.html http://www.apnic.net/db/domain.html Classless Delegations http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt Common DNS configuration errors http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt

32 Domain name structure and delegation http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1591.txt Domain administrators operations guide http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1033.txt Taking care of your domain ftp://ftp.ripe.net/ripe/docs/ripe-114.txt Tools for DNS debugging http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt

Download ppt "Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures."

Similar presentations

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
Web Server Administration

Web Server Administration
Web Server Administration Chapter 4 Name Resolution.

Web Server Administration Chapter 4 Name Resolution.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
DNS Domain name server – a server to translate IP aliases to addresses As you know, IP (internet protocol) works by providing every Internet machine with.

DNS Domain name server – a server to translate IP aliases to addresses As you know, IP (internet protocol) works by providing every Internet machine with.
DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.

DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Reverse DNS.

Reverse DNS.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
DNS Domain Name Service america.pcs.cnu.edu->137.155.2.10.

DNS Domain Name Service america.pcs.cnu.edu->
Recursive Server. Overview Recursive Service Root server list localhost 0.0.127.in-addr.arpa named.conf.

Recursive Server. Overview Recursive Service Root server list localhost in-addr.arpa named.conf.
The Domain Name System Unix System Administration Download PowerPoint Presentation.

The Domain Name System Unix System Administration Download PowerPoint Presentation.
Domain Name System: DNS

Domain Name System: DNS
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
Module 12: Domain Name System (DNS)

Module 12: Domain Name System (DNS)
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
11.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

Similar presentations

Ads by Google