Reverse DNS Setup for an IP with multiple domains
I am trying to clarify my Reverse DNS PTR lookup for a domain. I have a server with a single IP address and multiple accounts, all sharing that IP address.
My PTR is currently:
24.210.31.in-addr.arpa. 14400 IN PTR domainname.co.uk.
But the domain that the IP address reverses to is ns1.domainnetwork.co.uk, therefore should the PTR record on the account reference the primary returned domain rather than the account domain?
I can't seem to find any clear guidance on this with Google searching, however this question did seem to suggest that the account should reference the server domain rather than the account specific domain.
So, would having:
24.210.31.in-addr.arpa. 14400 IN PTR ns1.domainnetwork.co.uk.
in the DNS for the account give it a valid PTR record, even though this doesn't mention the account domain at all?
Edit: To clarify, the ns1.domainnetwork.co.uk is the primary name server for the domain.
UPDATE + EDIT
I have a persistent issue with this topic, and felt it best to resurrect this incomplete query rather than to start a new one from scratch.
All the above still holds true.
I have a server with various domains, on IP addresses xx.xx.xx.236 and xx.xx.xx.238. I also have a single domain on its own IP address just for that domain (for the TLS certificate), which is xx.xx.xx.241, but I can't get that domain to correctly show a valid PTR record in the DNS.
A domain on the server that works (IP address 12.34.56.236):
websitename.co.uk 14400 IN A 12.34.55.236
55.34.12.in-addr.arpa. 14400 IN PTR nameserver1.network.co.uk.
The above works and gives a valid PTR feedback.
The nameserver1.network.co.uk. is the same primary name server as the domain which sits on its own IP address (12.34.56.241) but which never gives a correct PTR record.
The domain that does not give out a valid PTR record (unique IP address):
websitenameTwo.co.uk 14400 IN A 12.34.55.241
55.34.12.in-addr.arpa. 14400 IN PTR nameserver1.network.co.uk.
What am I missing to make this record have a valid PTR DNS record?
Solution 1:
Mail servers will cross-check your SMTP server's advertised HELO hostname against the PTR record for the connecting IP address, and then check that the returned name has an address record matching the connecting IP address. If any of these checks fail, then your outgoing mail may be rejected or marked as spam.
So, you need to set all three consistently: The server's hostname and the name in the PTR record must match, and that name must resolve to the same IP address.
Note that these do not have to be the same as the domain names for which you are sending mail, and it's common that they are not.
Solution 2:
It seems like you have misunderstood how PTR records work and what they are for. The question doesn't include any information on how you have tried to set the record:
- It doesn't change automatically when you change something.example.com. A record.
- It can't be set within the example.com. zone but in a reverse zone like 113.0.203.in-addr.arpa.
As described in my answer on a similar question:
It depends on your ISP and your internet connection contract whether you are allowed to request PTR record changes for your public IP, as the PTR records are managed by the registered owner of the IP block. You can do a lookup on ARIN WHOIS IP Address Database to see the actual owner.
Another answer mentions that you could "overload" PTR records, i.e. have many PTR records for a single IP address. That is not recommended because a PTR record is expected to identify the canonical name associated with the IP address. (See RFC 1035, 3.5 and RFC 1912, 2.1.)
Solution 3:
You can't have the reverse (PTR) records in the same zone as your forward (A, MX, etc.) records.
They belong to two different DNS zones:
- websitename.co.uk - forward zone. Contains A, MX, CNAME records (like websitename.co.uk 14400 IN A 12.34.55.236)
- 55.34.12.in-addr.arpa - reverse zone, contains PTR records for all IP addresses in the range 12.34.55.x
You obviously control the forward zone, but the reverse zone is controlled by whoever owns the IP addressing range (range 12.34.55.224/28 is allocated to AT&T).
You will only have working reverse resolution once you change the PTR records in the reverse zone; you should get in contact with your hosting provider and request an update to the PTR records.
The good news is that you can have all of your reverse records configured in the same reverse zone, as long as the IP addressing is in the same subnet, for example:
236.55.34.12.in-addr.arpa. 14400 IN PTR websitename.co.uk.
236.55.34.12.in-addr.arpa. 14400 IN PTR websitenameOne.co.uk.
238.55.34.12.in-addr.arpa. 14400 IN PTR websitename.co.uk.
241.55.34.12.in-addr.arpa. 14400 IN PTR websitenameTwo.co.uk.
Note you can "overload" PTR records, i.e. have multiple names for an IP address, the same way you can have multiple IP addresses for a name (A record).
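The HELO / PTR / A cross-check described in Solution 1, applied to records shaped like those in the question and Solution 3, as an added example that is not part of any answer above. The dicts are constructed stand-ins for DNS lookups, and the A record for nameserver1.network.co.uk is an assumption.

```python
import ipaddress

# Constructed sample data modelled on the records quoted on this page;
# a real check would query DNS instead of reading these dicts.
PTR = {  # reverse zone 55.34.12.in-addr.arpa (held by the IP block owner)
    "236.55.34.12.in-addr.arpa.": ["nameserver1.network.co.uk."],
    # The question's record as written: no host octet, so it never
    # answers a reverse lookup for .241.
    "55.34.12.in-addr.arpa.": ["nameserver1.network.co.uk."],
}
A = {  # forward zones (held by the domain owner)
    "nameserver1.network.co.uk.": ["12.34.55.236"],  # assumed address
    "websitenametwo.co.uk.": ["12.34.55.241"],
}


def norm(name):
    """Lower-case and fully qualify a hostname for comparison."""
    return name.lower().rstrip(".") + "."


def reverse_name(ip):
    """Owner name of the PTR record for an IP (IPv4 or IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_sender(ip, helo, ptr=PTR, a=A):
    """Return (ok, reason) for the three-way check a receiving MTA makes."""
    names = [norm(n) for n in ptr.get(reverse_name(ip), [])]
    if not names:
        return False, "no PTR at " + reverse_name(ip)
    if norm(helo) not in names:
        return False, "HELO name does not match PTR"
    if ip not in a.get(norm(helo), []):
        return False, "PTR name does not resolve back to " + ip
    return True, "forward-confirmed"


if __name__ == "__main__":
    for ip, helo in [("12.34.55.236", "nameserver1.network.co.uk"),
                     ("12.34.55.241", "websitenameTwo.co.uk")]:
        print(ip, helo, check_sender(ip, helo))
```

Pointing the .241 PTR at a name whose A record only lists .236 fails the last step, so the name chosen for the PTR also needs an address record for that IP.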