Small Question about rDNS

[sykotic1]

First of all response times have been amazing; I really mean that I never saw such good support from Jag

Since I love their job and I'm always curious I was just wondering what they had to do to setup rDNS for my VPS?

I'm asking because I have heard of providers delegating rDNS setup to their clients even for a VPS.

I have also heard that the BIND that runs on a VPS will completely ignore a rDNS PTR record.

Another thing confusing me is I can see the named.conf has always had a zone for "correctiphere.in-addr.arpa".

What actually alerted me to the problem was Comcast starting to recently reject mail failing rDNS



I found a great post on the Jag forums about the owners of the IP; and other good articles explaining rDNS.

This is a dumb question but are there PTR records for the Node that I don't have control over?

I have worked on dedicated machines where this still had to be setup by the provider so I'm just curious.

Thanks for reading my rambling Jag was super fast at getting this done I'm just dying to learn more.

[JPC-Shaun]

Thanks for the appreciation and showing confidence in JaguarPC.
Usually the RDNS is setup for the main shared IP of the server against the host name of the VPS on our Name servers , clients can also request RDNS for other IPs and we can setup these also as per their request. You cannot do this at your end.

In order to add the RDNS for any IP (Owned by JAG) we request you to please open a ticket in the support department and we will do this for you.

[sykotic1]

Very interesting. I think I understand what you mean because the diagnostic tools online were checking your name servers.

I think I have a gap in my understanding of DNS as controlled from the VPS side and what nameservers are authoritative for it.

For example, I have two exclusive IPs set aside for the nameserver A records for my domain (ns1.mydomain.com and ns2.mydomain.com).

I suppose though that with a non-dedicated machine there isn't much point in doing this; I could just as easily use Jag's nameservers right?

I'm just wondering what the point is of having these DNS settings in my Parallels Plesk panel or controllable for a VPS via SSH etc. I know some of the DNS records were required before the domain would be active.

It seems that rDNS is more dependant on the Node's nameservers and the actual machine hosting the many VPS's it might have or something.

I'm going to go on a search for how DNS works with a VPS setup just because I'm wondering. You guys already got me setup and my rDNS has propagated just fine which is awesome. Teach me master!

Nathaniel

[JPC-Shaun]

When you register a domain name with a domain registrar, you usually become responsible for that Forward DNS domain. In DNS terms, the domain is delegated to you.

However, you are NOT also responsible for your reverse records. Your Reverse DNS records are still most likely to be the responsibility of your hosting facility or ISP.

So to make any changes to your Reverse DNS PTR records, you must contact the company where you get your IP addresses from, and in your case the IPs are a owned by JaguarPC , so you shall have to ask us to make any Changes in the RDNS.

[sykotic1]

So to make any changes to your Reverse DNS PTR records, you must contact the company where you get your IP addresses from, and in your case the IPs are a owned by JaguarPC , so you shall have to ask us to make any Changes in the RDNS.

Definitely I know that one and JaguarPC already set it up so I'm just asking about the technical details behind it for peace of mind.

I have yet to find a good article talking about how the IPs assigned to a VPS are related to the Node host and how it plays into it.

You have cleared this up for me a little by focusing on the ownership and delegation of the IPs and the issue of rDNS related to the Node.

I know it all has to do with how the outside world sees the machine; but I have also found it involves the process of rDNS itself.

I wish I saved the link to this one site I found. It had a completely understandable breakdown of a rDNS request that might help me see how the Node's PTR records are important in this regard.

Like an idiot I lost the link; but thanks for helping explain some of this to me I'm happy I can use you guys as a resource.

Nathaniel

[sykotic1]

Almost forgot this is one neat little link I had open from last night: http://www.tech-faq.com/reverse-dns.shtml.

Looks like you were right Isn't Google a wonderful thing? My confusion is about that last part:

Alternatively, your ISP or hosting company may delegate a range of IP addresses to you, in which case you must configure Reverse DNS and PTR records in your DNS server.

I already setup two exclusive IPs as nameservers for my domain so it's that part; and then understanding that the Node and JaguarPC itself has their own DNS servers; and how that plays into the rDNS request; that is pretty much stumping me.

Now if I can find that link breaking down the rDNS request again I can close these gaps I have in my understanding.

It was about 3am last night when I was looking into this to build my knowledge up so I'll have to search again when I'm not so tired.

[sykotic1]

As a final followup to this thread I wanted to post the link which I was able to re-discover which I think sheds the best light on this:

http://www.crucialp.com/resources/tu...works-rdns.php

Adding to my prior rambling; and in support of this article and thread; the provider or owner of the IP addresses has the choice.

Most of us can verify this through a simple nslookup to check the authoritative nameservers for a particular IP.

As the article explains the provider could give authority to the DNS servers of their client; as just for reference I do have two exclusive IPs I am paying JaguarPC for regularly which BIND is referencing as ns1.domain.com and ns2.domain.com, pretty simple stuff.

Of course as it also explains the other and perhaps easier choice is to use their own DNS; which I would only assume for a larger provider like JaguarPC would allow for more congruity; less hassle; and just a plain simpler process than the former.

I had also read discussions where other issues such as the possibility of abuse etc. come into play but there are a few; albeit controversial; reasons why you might wish to say redirect to a domain that is not under your control.

In any case I hope this helps someone out who might be wishing to understand how this all comes together and has gaps in their knowledge as I do. Long story short JaguarPC as a provider will handle it through their DNS and there are good enough reasons why.

I suppose my only contention was that; regardless JaguarPC owns all of the IPs I am paying for, and it does appear that they could be authoritative for the address if JaguarPC would do what they need to for this setup. The article doesn't go into much detail but it involves their root systems / Nodes.

Unless this is superceded by the nature of the VPS setup or something else I am just misunderstanding; I would guess the best advisement would be that it's not the most efficient thing to do (in several ways...), which is probably the best reason of all to let the provider handle it themselves.

[sykotic1]

..and so I suppose I should've just asked how a provider or owner of IP addresses delegates nameserver authority to a client who pays for their use.

I'm not saying JaguarPC does this, or that it is possible with a VPS setup, just wondering about that specific situation; if it must be full dedicated etc.

The article addresses this in a general manner by explaining the following logic which; if OK for a VPS; should apply:

If you can comprehend the above paragraphs (which takes some time), you'll understand the biggest problem
that people have with reverse DNS entries. The biggest problem people have is that they have DNS servers
that work fine with their domains (standard DNS), they add reverse DNS entries to those servers, and it
doesn't work. If you understand the above paragraphs, you'll see the problem: If your ISP doesn't know that
you have DNS servers to handle the reverse DNS for your IPs, they won't send that information to the root
servers, and nobody will even get to your DNS servers for reverse DNS looksups.

Thanks for looking,

Nathaniel

[Ron]

So, to put a bow on this, if I ask Jag to make an entry making me the owner of my IP addresses they can do that pretty easily?

Is this something that JAG is doing/would do for their clients?

I would love for my IP addresses to say that they "belong" to me, rather than JAG.

[JPC-Masood]

So, to put a bow on this, if I ask Jag to make an entry making me the owner of my IP addresses they can do that pretty easily?

Is this something that JAG is doing/would do for their clients?

I would love for my IP addresses to say that they "belong" to me, rather than JAG.

It could be a possibility if you have a long term contract signed (e.g. 1 year) and purchase at least class C (256 IPs).

[sykotic1]

It could be a possibility if you have a long term contract signed (e.g. 1 year) and purchase at least class C (256 IPs).

Just wondering; I realize Ron advised he was putting a little twist on it; but at the heart here I was only curious about these additional IPs I'm paying for; the fact that I have two exclusive IPs set aside for ns1.domain.com and ns2.domain.com; and wondering if Jag could reference them in their DNS records (again per the article etc.) as authoritative for the domain; if it is possible I mean.

I realize this is a lot of rambling and questioning (sorry ) but, that would make me responsible for the rDNS entries correct? It seems so anyhow. And anyways I pay monthly for the IPs so I don't consider myself to be owning them regardless of the entries Jag could possibly make to set these IPs I have as authoritative nameservers.

Again not that this is the most efficient or easy thing to do but; is this more of a policy issue with providers like Jag that either choose or choose not to let IPs their clients "own" or "lease" actually be authoritative?

I wouldn't argue the point at all this is all about my understanding and curiosity so if you said no we do it this way because we want to I'm not going to question that.

But it seems it could be situational; as in this case where I had Jag throw me these additional IPs it isn't like they're totally under my control or anything, right?

Don't get me wrong I understand the possibility for abuse for anyone who has control of rDNS entries. I'm just picking your brain because I thought at first the reasons for not doing so were more technical involving the VPS setup.

I suppose my initial reaction to the advisement that Jag "must do it" was that it conflicts with the technical possibilities of letting the client maintain authoritative nameservers themselves which seems entirely possible.

Just wondering is all. I still feel it to be better policy/practice for any serious provider to handle it themselves for something like nameservers and I have no good reason to push for anything more complicated. Thanks for all the input I really appreciate the help and you guys always put up with my rambling so keep it coming!

Nathaniel

[sykotic1]

The more I think about it my misunderstanding might be in just what "designating an authoritative nameserver" really means. Bear with me on this I'm definitely learning.

If it implies ownership then that's my fault I can understand then that Jaguar owns them and must maintain authority to maintain ownership etc.

It would be interesting to know if denying this is just policy or if it is more a result of the claim on the IPs and agreements that JaguarPC has with other companies.

I wouldn't know in part because I don't know how they acquire or gain ownership of their IPs. And I hate to pry but hey I'm inquisitive.

Thanks again for the input,

Nathaniel

[JPC-Masood]

There are two things being discussed here. IP ownership and delegating rDNS.

IP ownership is administrative work and has to be done at ARIN level. You'll probably have to sign a contract and take legal responsiblities of the IP space etc. I don't think it can be done randomly for certain IPs. It has be done in block of IPs. Additionally we don't "sell" IP space. We only lease them out to you for your hosting needs. We are responsible for those IPs on how they are being used.

rDNS on the other hand can be delegated further down to name servers. However for just couple of IPs it will be very costly to maintain in terms of time. rDNS does not change frequently, therefore again has no benefit to delegate it for couple of IPs. If you were leasing 256 IPs and were changing rDNS frequently, then it would make sense to delegate rDNS to you so you can manage it yourself instead of asking support to make changes so often.

Whether your name server replies to rDNS query or the provider's, for the end user it makes no difference. In fact if its at provider, it will have less name servers to query to reach the rDNS setting, resulting in a faster response.

[sykotic1]

However for just couple of IPs it will be very costly to maintain in terms of time. rDNS does not change frequently, therefore again has no benefit to delegate it for couple of IPs.

I had to think for a second about what you meant here. Because if it does not change frequently I don't see how letting the client set their rDNS records; even if only for a few IPs; would be that terribly costly.

I mean it just needs setup from the forward DNS which could be a simple request and then this delegation as it were means the client needs to set their own rDNS records.

But when I think of it in grander terms it seems that you're saying there's no need for a client with only a few IPs to even maintain their own nameservers.

I can appreciate that. Like I said it was more about the possibility of it that had me wondering. I didn't really understand about why a policy like that might exist.

When you introduced the idea of a client that needs to change rDNS more often and would better necessitate that level of control it all made perfect sense.

After this I'm thinking that using two exclusive IPs as nameservers for anything less than a full on dedicated setup probably can't be well justified.

Not concerned with ownership of the IPs (just thought it might have had something to do with the policy). It seems to be a good policy and it makes sense with your explanation. But perhaps I don't need to lease so many additional IPs.

In fact, I can't see any good reason at all to have nameservers resolve to the VPS itself or it's exclusive IPs for DNS unless someone wants to learn; see their domain show in queries; or has no outside DNS; without even getting into rDNS discussion.

My problem as you can probably tell is I'm terribly neurotic; I love to learn; and I like seeing my domain name all over the place. Although I suppose nowadays I should be more worried about the cost like you said.

Great thoughts it helped.

Nathaniel

[Ron]

As a reseller, one might not want your host's name to show up on queries.