Registrar hosting DNS vs. myself

  • Thread starter: John Smith

John Smith

Hello,

A couple of weeks ago I asked a question regarding hosting W2k3 DNS on our
servers, and the few who responded suggested I should let the registrar
host the DNS instead. So I went to NetSol and configured DNS.

The problem is that NetSol does not do reverse DNS, and I need this for our
MX record; otherwise some mail servers will not accept transport from our
mail server. NetSol suggested that I move my DNS to ZoneEdit.com. The
next problem is that ZoneEdit says I need to have a class C IP range before
I can do reverse DNS. I only have half a class C. I can probably ask our T1
provider to host our DNS for a fee, but my company does not want to spend a
dime more on this. Plus we like to have more control over our DNS.

So, here is my question: If I host my own DNS with reverse DNS for half a
class C IP range, would my reverse DNS work?

Thank you
JS
 
John Smith said:
> (original post quoted in full; see above)

Who is Authoritative over the reverse lookup now?
Will they create a PTR for you?
 
John Smith said:
> Hello,
>
> A couple of weeks ago I asked a question regarding hosting W2k3 DNS on our
> servers, and the few who responded suggested I should let the registrar
> host the DNS instead. So I went to NetSol and configured DNS.

Correct -- all but the largest (in terms of Internet presence) companies
should generally leave their DNS at the registrar.

> The problem is that NetSol does not do reverse DNS, and I need this for
> our

Reverse DNS zones and Forward DNS zones (at the Registrar or elsewhere)
are totally unrelated to each other from a technical DNS sense.

All such relationship is in the minds of us humans (e.g., most of my
machines in LearnQuick.Com are in one or a few reverse zones because they
"live together", but some of them are in totally different zones because
they live on "other networks").

You pretty much MUST use the ISP (or their NAP) for the Reverse zone
and records because, unless you have a large block of addresses (and
sometimes even then), those addresses belong to the ISP (or NAP)
in most cases and they will NOT delegate.

Notice I didn't recommend leaving the Forward DNS with the ISP but
rather at the Registrar -- most Registrars let you modify your own
records (typically using a Web interface) and many ISPs don't give you
this level of control but rather require that you send individual emails
or even call them.

> MX record; otherwise some mail servers will not accept transport from our
> mail server. NetSol suggested that I move my DNS to ZoneEdit.com. The
> next problem is that ZoneEdit says I need to have a class C IP range
> before I can do reverse DNS. I only have half a class C. I can probably
> ask our T1 provider to host our DNS for a fee, but my company does not
> want to spend a dime more on this. Plus we like to have more control over
> our DNS.

If you really must have control over your own reverse (which few people
REALLY need) then you must arrange for the ISP to delegate to you, and
at that point I wouldn't necessarily recommend you make someone else
(e.g., a Registrar) authoritative -- notice that Registrars do NOT sell or
register reverse zones.

> So, here is my question: If I host my own DNS with reverse DNS for half a
> class C IP range, would my reverse DNS work?

You will still have to be DELEGATED from the parent, which in Reverse
DNS is going to be delegated from the ISP or the ISP's NAP.

To look up a record in the full Internet, one must be able to go to the "."
(dot) root zone and find the next level, then find the next level, down to
the authoritative server for that record.

This is true whether it is a Forward record (e.g., com, country code, etc.)
or a Reverse record (in-addr.arpa or the IPv6 equivalent zone tree).
 
You had a great detailed answer by Herb Martin. I understood some of it
myself! LOL!

However, a very simple way to solve your dilemma is to ask your ISP to
configure your reverse lookup. This reverse PTR is normally done by the ISP
who sold you the IP addresses. This is virtually never done by your domain
registrar.

And... the ISP who sold you the IP addresses damn well should do this for
you for no extra charge. It is part of the IP purchase deal, in my opinion.

I think the only real mistake you are making is talking to your DNS
registrar about it. They don't need to know a thing, or be contacted at all
about this.

BTW, you are sure right about a lot of mail servers requiring a reverse DNS
entry (probably most!). That's a fact.

-Frank
 
> BTW, you are sure right about a lot of mail servers requiring a reverse
> DNS entry (probably most!). That's a fact.

Some even require it to match your SMTP server HELO name
and some ISPs will set a reverse name for you but give you no
choice about that name.

In this case you must generally just set your HELO name (in the
SMTP server config) to match the one that the ISP provides
in the reverse zone.

There is no RFC that says it must match (I believe there is one
that says you must/should HAVE a reverse record) but that
won't stop some people from refusing your email if you don't have
it, and some from refusing even if you have it BUT it doesn't
match the HELO name.

I don't do this, but I do drive such connections through a Greylisting
process and additional checks.

BTW, greylisting is a GREAT anti-spam method, especially if
you only drive it with "suspicious" connections and not with
every server that sends you email.

Greylisting only those that are suspicious keeps practically
all of the advantages of Greylisting while removing almost
100% of the disadvantages.

CRM114 Markovian and Hyperspace (no kidding) filters are
my next step in removing the last .001% of spam that still
shows up.

We never reject mail based on only one, and usually not just
two criteria, but rather on multiple layers of checks.

It's gotten to the point that my filters usually know better than
I do whether the doubtful cases are spam or ham. <grin>

Yes, you can in fact get down to virtually no spam and still avoid
rejecting good email.
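As an added example (not code from any poster in this thread), here is the receiver-side check Herb describes across his two replies: build the in-addr.arpa name a resolver walks down from the root, fetch the PTR, confirm it resolves forward to the same address, and then compare it with the HELO name. Lookups are served from a constructed in-memory zone table in RFC 5737 documentation space (203.0.113.0/24), so it runs offline; a real deployment would swap in a resolver.

```python
"""Receiver-side PTR / forward-confirmed reverse DNS (FCrDNS) / HELO check.

Added example. ZONE is a constructed table standing in for live DNS so the
script runs offline; lookup() is the one place a real resolver would plug in.
"""
import ipaddress

# Constructed sample records (hosts in the 203.0.113.0/24 documentation block).
# in-addr.arpa labels are whole octets, so a half class C (/25) has no label
# boundary of its own: the provider holding 113.0.203.in-addr.arpa owns these PTRs.
ZONE = {
    # PTR records: reverse owner name -> hostname
    "10.113.0.203.in-addr.arpa.": "mail.example.com.",          # matches forward A
    "11.113.0.203.in-addr.arpa.": "static-11.isp.example.net.", # ISP-chosen generic name
    "12.113.0.203.in-addr.arpa.": "mail.example.com.",          # PTR claims a name it is not
    # A records: hostname -> addresses
    "mail.example.com.": ["203.0.113.10"],
    "static-11.isp.example.net.": ["203.0.113.11"],
}


def reverse_name(ip: str) -> str:
    """Owner name of the PTR for ip, walked from the root: arpa -> in-addr ->
    203 -> 0 -> 113 -> 10 (or the nibble-per-label ip6.arpa tree for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def lookup(name: str, table=ZONE):
    """Stand-in for a DNS query; returns the record data or None."""
    return table.get(name)


def check_sender(ip: str, helo: str, table=ZONE):
    """Classify a connecting SMTP client. Returns (verdict, detail) where verdict is
    'no-ptr', 'ptr-no-forward', 'fcrdns' or 'fcrdns+helo'. As Herb notes, a HELO
    mismatch is a scoring input for greylisting or filters, not a reason to reject."""
    ptr = lookup(reverse_name(ip), table)
    if ptr is None:
        return "no-ptr", f"no PTR for {ip}; many receivers refuse here"
    if ip not in (lookup(ptr, table) or []):
        return "ptr-no-forward", f"PTR {ptr} does not resolve back to {ip}"
    if helo.rstrip(".").lower() == ptr.rstrip(".").lower():
        return "fcrdns+helo", f"HELO {helo} matches PTR {ptr}"
    return "fcrdns", f"FCrDNS ok but HELO {helo} != PTR {ptr}; score, do not reject"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13"):
        print(ip, *check_sender(ip, "mail.example.com"))
```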
 