Creating reverse authoritative zones

 

Reverse DNS is the process of resolving an IP address back to a domain name. It is commonly used for services such as email servers to verify that an IP address maps to a domain name. Reverse DNS for an IP address is configured by setting up a PTR (Pointer) record in the reverse DNS zone. This zone is named after the reversed IP address in the case of IPv4, and after the reversed nibbles of the IP address in the case of IPv6. Reverse zones can only be configured for authoritative zones.

Reverse Zones for IPv4 addresses

Follow the steps below to create reverse authoritative zones for IPv4 addresses.

Prerequisites

  • Determine the subnet for which you want to create the reverse zone.
  • Determine the authoritative DNS server for this zone.
  1. Create a reverse authoritative zone the same way you create a standard authoritative zone, by selecting DNS -> Domain -> Add Domain.
  2. When entering the reverse zone name, derive it from your IP block written in reverse order, followed by .in-addr.arpa. For example, for the IP block 192.168.1.0/24, the reverse zone name should be 1.168.192.in-addr.arpa.
  3. Create PTR (Pointer) records within the reverse zone. PTR records map the IP addresses within your network block to the corresponding domain names. Each record will correlate an IP address to a hostname, with the IP address portion written in reverse.
  4. You can enable DDNS dynamic updates to automate the creation of PTR records. Ensure the DHCP server is in the same network as the zone, and configure the DHCP options to allow dynamic updates from the DHCP server to the domain.
  5. If you want to secure the reverse zone with DNS Security Extensions (DNSSEC), you can sign the zone to generate the necessary keys and signing policies.
  6. Click Save to save your new reverse zone configuration.
  7. Perform reverse DNS lookups on IP addresses within the network block to ensure that the PTR records are correctly resolving to their respective domain names.

Reverse Zones for IPv6 addresses

For IPv6 addresses, the process is similar to IPv4, but the notation and the domain used for reverse DNS delegation are different. The domain used for IPv6 reverse DNS is .ip6.arpa.

Here is how you derive the reverse zone name from an IPv6 address block: Let's say you have an IPv6 address block of 2001:0db8:85a3::/48. To create a reverse zone name for this block:

  1. Expand the IPv6 address: Write out the full IPv6 address, filling in any omitted sections with zeros.
     Expanded IPv6 address: 2001:0db8:85a3:0000:0000:0000:0000:0000
  2. Remove the bits beyond the prefix length: Since the prefix is /48, you keep only the first 48 bits (which correspond to the first three blocks of the IPv6 address).
     Address prefix: 2001:0db8:85a3
  3. Reverse the nibbles: Split the address prefix into individual hexadecimal digits (nibbles), and write them in reverse order, separated by dots. Each hexadecimal digit corresponds to four bits.
     Reversed nibbles: 3.a.5.8.8.b.d.0.1.0.0.2
  4. Add the .ip6.arpa domain: Append .ip6.arpa to the reversed string of nibbles.
     Reverse zone name: 3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa
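The IPv4 and IPv6 derivations above can be checked with a short script before you type the zone name into the Add Domain form. This is an added example, not part of the product; the function names `reverse_zone_name` and `ptr_record_name` are hypothetical, and it also rejects blocks whose prefix does not end on an octet (IPv4) or nibble (IPv6) boundary, since those do not map to a single zone name.

```python
import ipaddress

def reverse_zone_name(cidr: str) -> str:
    """Reverse zone name for an IPv4 or IPv6 block given in CIDR notation."""
    # strict=True rejects blocks with host bits set, e.g. 192.168.1.5/24.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version == 4:
        bits_per_label, suffix = 8, "in-addr.arpa"
        labels = str(net.network_address).split(".")
    else:
        bits_per_label, suffix = 4, "ip6.arpa"
        # exploded restores the omitted zeros: 2001:0db8:85a3:0000:...
        labels = list(net.network_address.exploded.replace(":", ""))
    if net.prefixlen == 0 or net.prefixlen % bits_per_label:
        raise ValueError(f"{cidr}: prefix does not end on a label boundary")
    # Keep only the labels covered by the prefix, then reverse them.
    kept = labels[: net.prefixlen // bits_per_label]
    return ".".join(reversed(kept)) + "." + suffix

def ptr_record_name(ip: str, cidr: str) -> tuple[str, str]:
    """Return (name relative to the zone, fully qualified PTR owner name)."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(cidr, strict=True):
        raise ValueError(f"{ip} is not inside {cidr}")
    zone = reverse_zone_name(cidr)
    fqdn = addr.reverse_pointer  # full reversed name of the address
    return fqdn[: -(len(zone) + 1)], fqdn

if __name__ == "__main__":
    # Constructed sample hosts inside the two blocks used on this page.
    samples = [("192.168.1.0/24", "192.168.1.10"),
               ("2001:0db8:85a3::/48", "2001:db8:85a3::1")]
    for block, host in samples:
        print(block, "->", reverse_zone_name(block))
        print("  PTR name for", host, "->", ptr_record_name(host, block)[0])
```

The relative name returned by `ptr_record_name` is the part of the PTR owner name to the left of the zone name; the fully qualified name is what a reverse lookup of that address queries.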