Checking PTR records

[W Dean]

Hi,

I've set up a reverse lookup zone on my win 2003 dns for the 64.239.115.x
subnet and put in PTR records for the domains ips 64.239.115.10 and 8 (and
its been online for about 3 to 4 days). However, when I try and use
www.dnsstuff.com to try and check them its reporting that 'no PTR records
exists'.

Anyone got a basic checklists of things that could be causing the problem?

W Dean

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi,

I've set up a reverse lookup zone on my win 2003 dns for
the 64.239.115.x subnet and put in PTR records for the
domains ips 64.239.115.10 and 8 (and its been online for
about 3 to 4 days). However, when I try and use
www.dnsstuff.com to try and check them its reporting that
'no PTR records exists'.

Anyone got a basic checklists of things that could be
causing the problem?

Aren't these PTRs correct?

Asking ns.dialtoneinternet.net. for 8.115.239.64.in-addr.arpa PTR record:
Reports ns12.m19hosts.com. [from 216.87.222.2]

Answer:
64.239.115.8 PTR record: ns12.m19hosts.com. [TTL 3600s] [A=64.239.115.8]

Asking ns2.dialtoneinternet.net. for 10.115.239.64.in-addr.arpa PTR record:
Reports ns1.m19hosts.com. [from 216.87.223.253]

Answer:
64.239.115.10 PTR record: ns1.m19hosts.com. [TTL 3600s] [A=64.239.115.10]

 

[Ed Horley]

I checked also, Kevin's results are the same as mine. Is this what you have
published in your records? Your ISP has delegated reverse DNS for your IP
block to you, correct? If not, then you need to get that set up first. If
your address block is smaller then a /24 you will need to get a zone
delegation per RFC 2317 or use the DeGroot hack (same thing just different
format). If you have questions on how to set that up just post and Kevin or
I can help you with it.

Regards,
Ed Horley
Microsoft MVP Server-Networking

---------------------

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.10

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22679
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
10.115.239.64.in-addr.arpa. 3600 IN PTR ns1.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 61 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:07:43 2005
;; MSG SIZE rcvd: 161

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.8

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44621
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;8.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
8.115.239.64.in-addr.arpa. 3600 IN PTR ns12.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 62 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:17:38 2005
;; MSG SIZE rcvd: 161

 

[W Dean]

Hi,

Thanks for the reply, those values look right m19hosts.com. I was also
trying to check the PTR for m19.co.uk which is another zone thats hosted on
that DNS. And couldn't get a result for that.
Could you check that also?

Thanks

W Dean

I checked also, Kevin's results are the same as mine. Is this what you have
published in your records? Your ISP has delegated reverse DNS for your IP
block to you, correct? If not, then you need to get that set up first. If
your address block is smaller then a /24 you will need to get a zone
delegation per RFC 2317 or use the DeGroot hack (same thing just different
format). If you have questions on how to set that up just post and Kevin or
I can help you with it.

Regards,
Ed Horley
Microsoft MVP Server-Networking

---------------------

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.10

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22679
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
10.115.239.64.in-addr.arpa. 3600 IN PTR ns1.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 61 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:07:43 2005
;; MSG SIZE rcvd: 161

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.8

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44621
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;8.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
8.115.239.64.in-addr.arpa. 3600 IN PTR ns12.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 62 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:17:38 2005
;; MSG SIZE rcvd: 161

Hi,

I've set up a reverse lookup zone on my win 2003 dns for the 64.239.115.x
subnet and put in PTR records for the domains ips 64.239.115.10 and 8 (and
its been online for about 3 to 4 days). However, when I try and use
www.dnsstuff.com to try and check them its reporting that 'no PTR records
exists'.

Anyone got a basic checklists of things that could be causing the problem?

W Dean

 

[Ed Horley]

I don't quite understand what you mean by "trying to check the PTR for
m19.co.uk" as PTR records are generally associated with a entry for a single
IP address. It is rare to set up multiple PTR's in a reverse zone for a
single IP address as it sort of defeats the purpose of the entry. Just like
A records in your forward zone there should be a one to one correlation of
the PTR record to a single IP address. Therefore put in the reverse PTR
value whatever entry you have for the A record.
So if you have published in example.com:
sample.example.com. IN A 192.168.1.2

Then in 1.168.192.in-addr.arpa. you should have:
2 IN PTR sample.example.com

you might have CNAMEs all over the place pointing to sample.example.com but
really the PTR should point to sample.example.com. This is especially true
for MX records. Any entry you build out for MX records should only use A
record entries and not CNAME entries at all. Some older MTA's will not be
able to resolve to the IP address of your mail server and won't be able to
deliver e-mail to your domain.

So, with all that said, can you clarify a bit what you are trying to do?

Regards,
Ed Horley
Microsoft MVP Server-Networking

Hi,

Thanks for the reply, those values look right m19hosts.com. I was also
trying to check the PTR for m19.co.uk which is another zone thats hosted
on
that DNS. And couldn't get a result for that.
Could you check that also?

Thanks

W Dean

I checked also, Kevin's results are the same as mine. Is this what you have
published in your records? Your ISP has delegated reverse DNS for your
IP
block to you, correct? If not, then you need to get that set up first. If
your address block is smaller then a /24 you will need to get a zone
delegation per RFC 2317 or use the DeGroot hack (same thing just
different
format). If you have questions on how to set that up just post and Kevin or
I can help you with it.

Regards,
Ed Horley
Microsoft MVP Server-Networking

---------------------

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.10

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22679
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
10.115.239.64.in-addr.arpa. 3600 IN PTR ns1.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 61 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:07:43 2005
;; MSG SIZE rcvd: 161

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.8

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44621
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;8.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
8.115.239.64.in-addr.arpa. 3600 IN PTR ns12.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 62 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:17:38 2005
;; MSG SIZE rcvd: 161

Hi,

I've set up a reverse lookup zone on my win 2003 dns for the 64.239.115.x
subnet and put in PTR records for the domains ips 64.239.115.10 and 8 (and
its been online for about 3 to 4 days). However, when I try and use
www.dnsstuff.com to try and check them its reporting that 'no PTR records
exists'.

Anyone got a basic checklists of things that could be causing the problem?

W Dean

 

[W Dean]

Hi,

I'm using host headers in IIS to host multiple websites on the same IP
address. My forward DNS zones reflect this. So I have several zones set up
as follows:

@ NS ns1.m19hosts.com.
ns1.m19hosts.com. A 64.239.115.10
@ NS ns12.m19hosts.com.
ns12.m19hosts.com. A 64.239.115.8

;
; Zone records
;

@ A 64.239.115.10
@ MX 10 mail.m19hosts.com.
www CNAME somedomain.co.uk.

The 'primary' domain has the following configuration:
;
; Zone NS records
;
@ NS ns1.m19hosts.com.
@ NS ns12.m19hosts.com.
;
; Zone records
;
@ A 64.239.115.10
@ MX 10 mail.m19hosts.com.
mail A 64.239.115.8
ns1 A 64.239.115.10
ns12 A 64.239.115.8
www CNAME m19hosts.com.

This seems to work ok with regards to the hosted websites. But I was trying
to set up PTR records for my hosted domains so that mail would go through
ok. However, I didn't know that you could only have one PTR per IP address
so I had my reverse look up zone as follows:

;
; Database file 115.239.64.in-addr.arpa.dns for 115.239.64.in-addr.arpa
zone.
; Zone version: 31
;
@ IN SOA ns1.m19hosts.com. admin.m19hosts.com. (
31 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL
;
; Zone NS records
;
@ NS ns1.m19hosts.com.
ns1.m19hosts.com. A 64.239.115.10
@ NS ns12.m19hosts.com.
ns12.m19hosts.com. A 64.239.115.8
;
; Zone records
;
10 PTR m19hosts.com.
PTR ns1.m19hosts.com.
PTR firstdomain.com.
PTR seconddomain.com.
..
..
..

Presumably, this is the wrong setup. So how should I configure it?

Thanks for your help.

W Dean

I don't quite understand what you mean by "trying to check the PTR for
m19.co.uk" as PTR records are generally associated with a entry for a single
IP address. It is rare to set up multiple PTR's in a reverse zone for a
single IP address as it sort of defeats the purpose of the entry. Just like
A records in your forward zone there should be a one to one correlation of
the PTR record to a single IP address. Therefore put in the reverse PTR
value whatever entry you have for the A record.
So if you have published in example.com:
sample.example.com. IN A 192.168.1.2

Then in 1.168.192.in-addr.arpa. you should have:
2 IN PTR sample.example.com

you might have CNAMEs all over the place pointing to sample.example.com but
really the PTR should point to sample.example.com. This is especially true
for MX records. Any entry you build out for MX records should only use A
record entries and not CNAME entries at all. Some older MTA's will not be
able to resolve to the IP address of your mail server and won't be able to
deliver e-mail to your domain.

So, with all that said, can you clarify a bit what you are trying to do?

Regards,
Ed Horley
Microsoft MVP Server-Networking

Hi,

Thanks for the reply, those values look right m19hosts.com. I was also
trying to check the PTR for m19.co.uk which is another zone thats hosted
on
that DNS. And couldn't get a result for that.
Could you check that also?

Thanks

W Dean

I checked also, Kevin's results are the same as mine. Is this what you have
published in your records? Your ISP has delegated reverse DNS for your
IP
block to you, correct? If not, then you need to get that set up first. If
your address block is smaller then a /24 you will need to get a zone
delegation per RFC 2317 or use the DeGroot hack (same thing just
different
format). If you have questions on how to set that up just post and

Kevin
or

I can help you with it.

Regards,
Ed Horley
Microsoft MVP Server-Networking

---------------------

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.10

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22679
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
10.115.239.64.in-addr.arpa. 3600 IN PTR ns1.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 61 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:07:43 2005
;; MSG SIZE rcvd: 161

[ehorley@localhost]$ dig @ns.dialtoneinternet.net -x 64.239.115.8

; <<>> DiG 9.2.1 <<>> @ns.dialtoneinternet.net -x 64.239.115.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44621
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;8.115.239.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
8.115.239.64.in-addr.arpa. 3600 IN PTR ns12.m19hosts.com.

;; AUTHORITY SECTION:
115.239.64.in-addr.arpa. 3600 IN NS ns.dialtoneinternet.net.
115.239.64.in-addr.arpa. 3600 IN NS ns2.dialtoneinternet.net.

;; ADDITIONAL SECTION:
ns.dialtoneinternet.net. 3600 IN A 216.87.222.2
ns2.dialtoneinternet.net. 3600 IN A 216.87.223.253

;; Query time: 62 msec
;; SERVER: 216.87.222.2#53(ns.dialtoneinternet.net)
;; WHEN: Fri Jan 21 06:17:38 2005
;; MSG SIZE rcvd: 161

Hi,

I've set up a reverse lookup zone on my win 2003 dns for the 64.239.115.x
subnet and put in PTR records for the domains ips 64.239.115.10 and 8 (and
its been online for about 3 to 4 days). However, when I try and use
www.dnsstuff.com to try and check them its reporting that 'no PTR records
exists'.

Anyone got a basic checklists of things that could be causing the problem?

W Dean

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi,

I'm using host headers in IIS to host multiple websites
on the same IP address. My forward DNS zones reflect
this. So I have several zones set up as follows:

@ NS ns1.m19hosts.com.
ns1.m19hosts.com. A 64.239.115.10
@ NS ns12.m19hosts.com.
ns12.m19hosts.com. A 64.239.115.8

;
; Zone records
;

@ A 64.239.115.10
@ MX 10 mail.m19hosts.com.
www CNAME somedomain.co.uk.

The 'primary' domain has the following configuration:
;
; Zone NS records
;
@ NS ns1.m19hosts.com.
@ NS ns12.m19hosts.com.
;
; Zone records
;
@ A 64.239.115.10
@ MX 10 mail.m19hosts.com.
mail A 64.239.115.8
ns1 A 64.239.115.10
ns12 A 64.239.115.8
www CNAME m19hosts.com.

This seems to work ok with regards to the hosted
websites. But I was trying to set up PTR records for my
hosted domains so that mail would go through ok. However,
I didn't know that you could only have one PTR per IP
address so I had my reverse look up zone as follows:

;
; Database file 115.239.64.in-addr.arpa.dns for
115.239.64.in-addr.arpa zone.
; Zone version: 31
;
@ IN SOA ns1.m19hosts.com.
admin.m19hosts.com. ( 31
; serial number 900 ;
refresh 600 ; retry
86400 ; expire
3600 ) ; default TTL
;
; Zone NS records
;
@ NS ns1.m19hosts.com.
ns1.m19hosts.com. A 64.239.115.10
@ NS ns12.m19hosts.com.
ns12.m19hosts.com. A 64.239.115.8
;
; Zone records
;
10 PTR m19hosts.com.
PTR ns1.m19hosts.com.
PTR firstdomain.com.
PTR seconddomain.com.
.
.
.

Presumably, this is the wrong setup. So how should I
configure it?

The only PTR you need is fror the mail server IP, the PTR should give the
mail server name in the helo greeting and there should be an "A" record for
the name. CNAMES not allowed in MX records or NS records. PTR records are
not required for NS records or websites.

 

[Ed Horley]

I second that, just get the PTR record set up for your mail server. rDNS
checks for legit mail servers is common practice now. I would not bother
with PTR's for your website. You might want to set them up for your name
servers if they are the only service hosted on those IP addresses.

Hope it all works.

Regards,
Ed Horley
Microsoft MVP Server-Networking

 

[W Dean]

In

The only PTR you need is fror the mail server IP, the PTR should give the
mail server name in the helo greeting and there should be an "A" record for
the name. CNAMES not allowed in MX records or NS records. PTR records are
not required for NS records or websites.

Thanks for your help. I've updated my DNS records now.

W Dean