[Dnsmasq-discuss] Enabling Reverse Lookup In A Live Environment

Jason jason.wallace at myrealbox.com
Sun Nov 16 05:14:08 GMT 2008


    I don't think my upstream provider, AT&T, has delegated the reverse 
lookup to me because, when I do a reverse lookup from outside my 
network, nothing shows up in the firewall log.  Also, the reverse lookup 
says "unable to resolve".  So I think the request is just being 

And yes, I have my SPF records in place with my domain registrar via 
their name servers.


Paul Chambers wrote:
> Hmm... that's not how I understood it to work (not that I'm a DNS 
> expert...)
> I thought reverse lookups worked their way down through the IP 
> netblock assignments, and it would be up to the entity that 'owns' 
> your IP address (i.e. your ISP) to resolve reverse lookups, or have 
> some mechanism to delegate to you (latter is rare, AFAIK). Usually an 
> ISP resolves it to some generated name like 
> 12-34-56-78.static.ispname.com.
> If your ISP isn't responding to reverse lookups for your IP address at 
> all, I'm pretty sure their configuration is broken, and it's not 
> something you'll be able to fix/work around. Are you sure it's not 
> resolving at all? Looking at the full mail headers of your post, the 
> first IP address from the Received: lines does reverse-resolve (to 
> 206-169-206-62.vtc.net.)
> Now if you want your domain name to be returned instead of the ISP's, 
> that will require the co-operation of your ISP, either to change the 
> name returned in their records, or to delegate the request to you. 
> Only if it's delegated to you, do you need to worry about answering 
> the query using dnsmasq. I doubt your ISP would even consider 
> delegating for less than a small block of routable IPs (and probably 
> not even then).
> Again, take this with a pinch of salt, since I'm no DNS expert. I'm 
> sure others will correct me if I'm off-base.
> On a completely different tangent, you don't happen to have SPF 
> records defined for your domain, do you? That's a possible alternate 
> cause of the behavior you described.
> Paul
> Jason Wallace wrote:
>> Friends,
>>     I am currently running dnsmasq for a small lan as a dhcp and dns 
>> server.  I recently switched upstream providers and my new provider 
>> seems unable to do the reverse lookups for me.  So, much of the email 
>> from my domain is getting bounced because the reverse lookup doesn't 
>> succeed.  I would like to set up dnsmasq to answer reverse lookup 
>> requests, but I don't quite know how to begin.  Here's some info 
>> regarding my network:
>> 1.  The network is "NAT"ted, by the machine that runs dnsmasq.
>> 2.  Inside my lan, my domain, xxxx.com, resolves to a local machine 
>> (email server),, for instance.
>> 3.  Outside my lan, dnsmasq would have to answer that the global IP, 
>>, resolves to my domain name, xxxx.com.
>> 4.  Right now, my network does not answer DNS requests from outside. 
>> 5.  My domain registrar is also doing the forward DNS on their name 
>> servers.
>> 6.  My upstream provider (ISP) is not the domain registrar.
>> All the details above are fabricated, of course.
>> Question 1:  Will this even work?  How can I tell if my NAT machine 
>> is even receiving the reverse dns requests?
>> Question 2:  Assuming that my machine is interrogated for reverse 
>> DNS, how do I implement it in dnsmasq in a live environment 
>> minimizing downtime.  Especially regarding that the domain name 
>> resolves one way to my lan and another way (in reverse) to the internet?
>> Jason Wallace
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
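
An added illustration, not code from either poster or from dnsmasq: it finds which zone in the reverse tree ends up answering a PTR query (the delegation walk described in the thread) and runs the forward-confirmed reverse DNS check that many receiving mail servers apply. The addresses, host names and delegation table are constructed sample data.

```python
import ipaddress

# Constructed sample data: documentation address space and made-up names.
# NS delegations in the reverse tree, zone -> name servers.
DELEGATIONS = {
    "in-addr.arpa": ["ns.registry.example"],
    "192.in-addr.arpa": ["ns.rir.example"],
    "2.0.192.in-addr.arpa": ["ns1.isp.example"],  # the ISP holds the /24
}
# PTR and A data as the authoritative servers would return it.
PTR = {"25.2.0.192.in-addr.arpa": ["mail.example.com"]}
A = {"mail.example.com": ["192.0.2.25"]}


def reverse_name(ip):
    """Return the PTR owner name, e.g. 192.0.2.25 -> 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def authoritative_zone(ip, delegations):
    """Walk up the reverse name and return the most specific delegated zone
    with its servers. PTR queries for the address end at those servers; a
    host that is not listed there never receives them."""
    labels = reverse_name(ip).split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in delegations:
            return zone, delegations[zone]
    return None, []


def fcrdns(ip, ptr, a):
    """Forward-confirmed reverse DNS: return the PTR names whose A records
    contain the original address. An empty list means the check fails."""
    addr = ipaddress.ip_address(ip)
    names = ptr.get(reverse_name(ip), [])
    return [n for n in names
            if any(ipaddress.ip_address(x) == addr for x in a.get(n, []))]


if __name__ == "__main__":
    ip = "192.0.2.25"
    zone, servers = authoritative_zone(ip, DELEGATIONS)
    print(reverse_name(ip), "is answered by", servers, "for zone", zone)
    print("FCrDNS names:", fcrdns(ip, PTR, A) or "none (mail may be rejected)")
```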
