[Dnsmasq-discuss] Enabling Reverse Lookup In A Live Environment

Paul Chambers bod at bod.org
Sun Nov 16 07:16:32 GMT 2008


How are you doing the reverse lookup? `dig -x 4.5.6.7` ?

I've found I needed to list the hostname as returned by reverse lookup 
of the public IP, as well as the hostname sent in outgoing SMTP 
connections, in my SPF records. Maybe a red herring, but thought I'd 
mention it.

-- Paul

Jason wrote:
> Paul,
>
>    I don't think my upstream provider, AT&T, has delegated the reverse 
> lookup to me because, when I do a reverse lookup from outside my 
> network, nothing shows up in the firewall log.  Also, the reverse 
> lookup says "unable to resolve 4.5.6.7".  So I think the request is 
> just being dumped.
> And yes, I have my SPF records in place with my domain registrar via 
> their name servers.
>
> Thanks,
> Jason
>
> Paul Chambers wrote:
>> Hmm... that's not how I understood it to work (not that I'm a DNS 
>> expert...)
>>
>> I thought reverse lookups worked their way down through the IP 
>> netblock assignments, and it would be up to the entity that 'owns' 
>> your IP address (i.e. your ISP) to resolve reverse lookups, or have 
>> some mechanism to delegate to you (latter is rare, AFAIK). Usually an 
>> ISP resolves it to some generated name like 
>> 12-34-56-78.static.ispname.com.
>>
>> If your ISP isn't responding to reverse lookups for your IP address 
>> at all, I'm pretty sure their configuration is broken, and it's not 
>> something you'll be able to fix/work around. Are you sure it's not 
>> resolving at all? Looking at the full mail headers of your post, the 
>> first IP address from the Received: lines does reverse-resolve (to 
>> 206-169-206-62.vtc.net.)
>>
>> Now if you want your domain name to be returned instead of the ISP's, 
>> that will require the co-operation of your ISP, either to change the 
>> name returned in their records, or to delegate the request to you. 
>> Only if it's delegated to you, do you need to worry about answering 
>> the query using dnsmasq. I doubt your ISP would even consider 
>> delegating for less than a small block of routeable IPs (and probably 
>> not even then).
>>
>> Again, take this with a pinch of salt, since I'm no DNS expert. I'm 
>> sure others will correct me if I'm off-base.
>>
>> On a completely different tangent, you don't happen to have SPF 
>> records defined for your domain, do you? That's a possible alternate 
>> cause of the behavior you described.
>>
>> Paul
>>
>> Jason Wallace wrote:
>>> Friends,
>>>
>>>     I am currently running dnsmasq for a small lan as a dhcp and dns 
>>> server.  I recently switched upstream providers and my new provider 
>>> seems unable to do the reverse lookups for me.  So, much of the 
>>> email from my domain is getting bounced because the reverse lookup 
>>> doesn't succeed.  I would like to set up dnsmasq to answer reverse 
>>> lookup requests, but I don't quite know how to begin.  Here's some 
>>> info regarding my network:
>>>
>>> 1.  The network is "NAT"ted, by the machine that runs dnsmasq.
>>> 2.  Inside my lan, my domain, xxxx.com, resolves to a local machine 
>>> (email server), 10.1.1.2, for instance.
>>> 3.  Outside my lan, dnsmasq would have to answer that the global IP, 
>>> 5.6.7.8, resolves to my domain name, xxxx.com.
>>> 4.  Right now, my network does not answer DNS requests from outside. 
>>> 5.  My domain registrar is also doing the forward DNS on their name 
>>> servers.
>>> 6.  My upstream provider (ISP) is not the domain registrar.
>>>
>>> All the details above are fabricated, of course.
>>>
>>> Question 1:  Will this even work?  How can I tell if my NAT machine 
>>> is even receiving the reverse dns requests?
>>>
>>> Question 2:  Assuming that my machine is interrogated for reverse 
>>> DNS, how do I implement it in dnsmasq in a live environment 
>>> minimizing downtime.  Especially regarding that the domain name 
>>> resolves one way to my lan and another way (in reverse) to the 
>>> internet?
>>>
>>> Jason Wallace
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>   
>>
>>
>


