[Dnsmasq-discuss] Enabling Reverse Lookup In A Live Environment

Paul Chambers bod at bod.org
Sat Nov 15 21:59:01 GMT 2008

Hmm... that's not how I understood it to work (not that I'm a DNS expert...)

I thought reverse lookups worked their way down through the IP netblock 
assignments, and it would be up to the entity that 'owns' your IP 
address (i.e. your ISP) to resolve reverse lookups, or have some 
mechanism to delegate to you (latter is rare, AFAIK). Usually an ISP 
resolves it to some generated name like 12-34-56-78.static.ispname.com.

If your ISP isn't responding to reverse lookups for your IP address at 
all, I'm pretty sure their configuration is broken, and it's not 
something you'll be able to fix/work around. Are you sure it's not 
resolving at all? Looking at the full mail headers of your post, the 
first IP address from the Received: lines does reverse-resolve (to 

Now if you want your domain name to be returned instead of the ISP's, 
that will require the co-operation of your ISP, either to change the 
name returned in their records, or to delegate the request to you. Only 
if it's delegated to you, do you need to worry about answering the query 
using dnsmasq. I doubt your ISP would even consider delegating for less 
than a small block of routable IPs (and probably not even then).

Again, take this with a pinch of salt, since I'm no DNS expert. I'm sure 
others will correct me if I'm off-base.

On a completely different tangent, you don't happen to have SPF records 
defined for your domain, do you? That's a possible alternate cause of 
the behavior you described.


Jason Wallace wrote:
> Friends,
>     I am currently running dnsmasq for a small lan as a dhcp and dns server.  I recently switched upstream providers and my new provider seems unable to do the reverse lookups for me.  So, much of the email from my domain is getting bounced because the reverse lookup doesn't succeed.  I would like to set up dnsmasq to answer reverse lookup requests, but I don't quite know how to begin.  Here's some info regarding my network:
> 1.  The network is "NAT"ted, by the machine that runs dnsmasq.
> 2.  Inside my lan, my domain, xxxx.com, resolves to a local machine (email server),, for instance.
> 3.  Outside my lan, dnsmasq would have to answer that the global IP,, resolves to my domain name, xxxx.com.
> 4.  Right now, my network does not answer DNS requests from outside. 
> 5.  My domain registrar is also doing the forward DNS on their name servers.
> 6.  My upstream provider (ISP) is not the domain registrar.
> All the details above are fabricated, of course.
> Question 1:  Will this even work?  How can I tell if my NAT machine is even receiving the reverse dns requests?
> Question 2:  Assuming that my machine is interrogated for reverse DNS, how do I implement it in dnsmasq in a live environment minimizing downtime?  Especially regarding that the domain name resolves one way to my lan and another way (in reverse) to the internet?
> Jason Wallace
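
Added example (not part of the original thread and not dnsmasq code): a Python sketch of the in-addr.arpa name and delegation path the reply describes, plus the forward-confirmed reverse DNS check that receiving mail servers commonly apply. The 192.0.2.x addresses, the isp.example and xxxx.example names and the sample_* lookup tables are constructed placeholders so it runs offline; pass no lookup arguments to use the system resolver instead.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name a resolver queries for a reverse lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def delegation_chain(ip):
    """Names from the top of the tree down to the PTR owner, one label at a time."""
    labels = ptr_name(ip).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def system_ptr(ip):
    """PTR lookup through the system resolver; empty list if nothing answers."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """Forward (IPv4) lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, lookup_ptr=system_ptr, lookup_a=system_a):
    """Return (status, name): a PTR must exist and map back to the same IP."""
    names = lookup_ptr(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in lookup_a(name):
            return ("confirmed", name)
    return ("unconfirmed", names[0])

# Constructed sample data: documentation addresses and placeholder names.
SAMPLE_PTR = {"192.0.2.25": ["192-0-2-25.static.isp.example"],
              "192.0.2.26": ["mail.xxxx.example"]}
SAMPLE_A = {"192-0-2-25.static.isp.example": ["192.0.2.25"],
            "mail.xxxx.example": ["192.0.2.99"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(ip, ptr_name(ip), fcrdns(ip, sample_ptr, sample_a))
```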
