[Dnsmasq-discuss] Enabling Reverse Lookup In A Live Environment
Paul Chambers
bod at bod.org
Sun Nov 16 07:16:32 GMT 2008
How are you doing the reverse lookup? `dig -x 4.5.6.7` ?
I've found I needed to list the hostname as returned by reverse lookup
of the public IP, as well as the hostname sent in outgoing SMTP
connections, in my SPF records. Maybe a red herring, but thought I'd
mention it.
-- Paul
Jason wrote:
> Paul,
>
> I don't think my upstream provider, AT&T, has delegated the reverse
> lookup to me because, when I do a reverse lookup from outside my
> network, nothing shows up in the firewall log. Also, the reverse
> lookup says "unable to resolve 4.5.6.7". So I think the request is
> just being dumped.
> And yes, I have my SPF records in place with my domain registrar via
> their name servers.
>
> Thanks,
> Jason
>
> Paul Chambers wrote:
>> Hmm... that's not how I understood it to work (not that I'm a DNS
>> expert...)
>>
>> I thought reverse lookups worked their way down through the IP
>> netblock assignments, and it would be up to the entity that ;owns'
>> your IP address (i.e. your ISP) to resolve reverse lookups, or have
>> some mechanism to delegate to you (latter is rare, AFAIK). Usually an
>> ISP resolves it to some generated name like
>> 12-34-56-78.static.ispname.com.
>>
>> If your ISP isn't responding to reverse lookups for your IP address
>> at all, I'm pretty sure their configuration is broken, and it's not
>> something you'll be able to fix/work around. Are you sure it's not
>> resolving at all? looking at the full mail headers of your post, the
>> first IP address from the Received: lines does reverse-resolve (to
>> 206-169-206-62.vtc.net.)
>>
>> Now if you want your domain name to be returned instead of the ISP's,
>> that will require the co-operation of your ISP, either to change the
>> name returned in their records, or to delegate the request to you.
>> Only if it's delegated to you, do you need to worry about answering
>> the query using dnsmasq. I doubt your ISP would even consider
>> delegating for less than a small block of routeable IPs (and probably
>> not even then).
>>
>> Again, take this with a pinch of salt, since I'm no DNS expert. I'm
>> sure others will correct me if I'm off-base.
>>
>> On a completely different tangent, you don't happen to have SPF
>> records defined for your domain, do you? that's a possible alternate
>> cause of the behavior you described.
>>
>> Paul
>>
>> Jason Wallace wrote:
>>> Friends,
>>>
>>> I am currently running dnsmasq for a small lan as a dhcp and dns
>>> server. I recently switched upstream providers and my new provider
>>> seems unable to do the reverse lookups for me. So, much of the
>>> email from my domain is getting bounced because the reverse lookup
>>> doesn't succeed. I would like to set up dnsmasq to answer reverse
>>> lookup requests, but I don't quite know how to begin. Here's some
>>> info regarding my network:
>>>
>>> 1. The network is "NAT"ted, by the machine that runs dnsmasq.
>>> 2. Inside my lan, my domain, xxxx.com, resolves to a local machine
>>> (email server), 10.1.1.2, for instance.
>>> 3. Outside my lan, dnsmasq would have to answer that the global IP,
>>> 5.6.7.8, resolves to my domain name, xxxx.com.
>>> 4. Right now, my network does not answer DNS requests from outside.
>>> 5. My domain registrar is also doing the forward DNS on their name
>>> servers.
>>> 6. My upstream provider (ISP) is not the domain registrar.
>>>
>>> All the details above are fabricated, of course.
>>>
>>> Question 1: Will this even work? How can I tell if my NAT machine
>>> is even receiving the reverse dns requests?
>>>
>>> Question 2: Assuming that my machine is interrogated for reverse
>>> DNS, how do I implement it in dnsmasq in a live environment
>>> minimizing downtime. Especially regarding that the domain name
>>> resolves one way to my lan and another way (in reverse) to the
>>> internet?
>>>
>>> Jason Wallace
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>
>>
>>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list