The need for arpa zones in our external DNS

[Guest]

We just took over the responsibility for the external DNS in our company and
it currently has a number of problem that we are now trying to fix.

One question we have deals with the need for reverse lookup zones (arpa)
zones. Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being spam.
As far as anything else goes I'm confused as to the need. In other word,
does anyone or application need do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

We want to make sure that anything that should have a reverse lookup entry
does and then remove what is not needed.

 

[Herb Martin]

We just took over the responsibility for the external DNS in our company
and
it currently has a number of problem that we are now trying to fix.

It is generally a poor idea for any by the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

One question we have deals with the need for reverse lookup zones (arpa)
zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being
spam.

Well, so that it won't be so suspicious.

As far as anything else goes I'm confused as to the need. In other word,
does anyone or application need do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

Most other appications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

We want to make sure that anything that should have a reverse lookup entry
does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

 

[W C Hull]

I'm interested in this too.

If your company does lease a block of IP addresses from an ISP, specifically
for such things as Mail Exchanger records (MX) and addresses for company
owned web sites, FTP servers etc, my question is.... When is it appropriate
to have the ISP create a reference to the company's own DNS for that block
of addresses and what, besides the reverse lookup record for the MX record,
do you put in the reverse zone for reference? In other words, if you have
the reference from the ISP setup, what should you include and not include in
the reverse zone?

We just took over the responsibility for the external DNS in our company
and
it currently has a number of problem that we are now trying to fix.

It is generally a poor idea for any by the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

One question we have deals with the need for reverse lookup zones (arpa)
zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being
spam.

Well, so that it won't be so suspicious.

As far as anything else goes I'm confused as to the need. In other word,
does anyone or application need do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

Most other appications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

We want to make sure that anything that should have a reverse lookup
entry
does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

I'm interested in this too.

If your company does lease a block of IP addresses from an ISP,
specifically for such things as Mail Exchanger records (MX) and addresses
for company owned web sites, FTP servers etc, my question is.... When is
it appropriate to have the ISP create a reference to the company's own DNS
for that block of addresses

Anytime (unless your terms of service specifically
deny you establishing an email server etc.)

It is unreasonable for an ISP to refuse to do this if
you are allowed an SMTP server.

If they were to refuse, I would find a new ISP.

and what, besides the reverse lookup record for the MX record, do you put
in the reverse zone for reference?

Practically nothing.

The Reverse zone is technically a DNS zone like
any other so it must have an SOA record (effectively
the 'header' record for the zone) and the NS records
of the DNS servers or any delegated zones but other
than that reverse zones are largely just a bunch of
PTR records.

In other words, if you have the reference from the ISP setup, what should
you include and not include in the reverse zone?

Housekeeping (SOA etc) and PTR records.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

We just took over the responsibility for the external DNS in our company
and
it currently has a number of problem that we are now trying to fix.

It is generally a poor idea for any by the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

One question we have deals with the need for reverse lookup zones (arpa)
zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being
spam.

Well, so that it won't be so suspicious.

As far as anything else goes I'm confused as to the need. In other
word,
does anyone or application need do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

Most other appications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

We want to make sure that anything that should have a reverse lookup
entry
does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[W C Hull]

So.....

What I'm hearing is that if your ISP will create a reference to your DNS
server for the static addresses lieased, the only real need for a reverse
zone and a PTR record in that zone would be for MX record. You can have as
many PTR records as addresses but having one for an MX record is somehwhat
important, correct?

I'm interested in this too.

If your company does lease a block of IP addresses from an ISP,
specifically for such things as Mail Exchanger records (MX) and addresses
for company owned web sites, FTP servers etc, my question is.... When is
it appropriate to have the ISP create a reference to the company's own
DNS for that block of addresses

Anytime (unless your terms of service specifically
deny you establishing an email server etc.)

It is unreasonable for an ISP to refuse to do this if
you are allowed an SMTP server.

If they were to refuse, I would find a new ISP.

and what, besides the reverse lookup record for the MX record, do you put
in the reverse zone for reference?

Practically nothing.

The Reverse zone is technically a DNS zone like
any other so it must have an SOA record (effectively
the 'header' record for the zone) and the NS records
of the DNS servers or any delegated zones but other
than that reverse zones are largely just a bunch of
PTR records.

In other words, if you have the reference from the ISP setup, what should
you include and not include in the reverse zone?

Housekeeping (SOA etc) and PTR records.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

We just took over the responsibility for the external DNS in our
company and
it currently has a number of problem that we are now trying to fix.

It is generally a poor idea for any by the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

One question we have deals with the need for reverse lookup zones
(arpa)
zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being
spam.

Well, so that it won't be so suspicious.

As far as anything else goes I'm confused as to the need. In other
word,
does anyone or application need do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

Most other appications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

We want to make sure that anything that should have a reverse lookup
entry
does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

So.....

What I'm hearing is that if your ISP will create a reference to your DNS
server for the static addresses lieased,

And technically the reverse record doesn't have to be
for the name YOU use for the server, only that it exist
and you use this name as the HELO name (SMTP server
reported name) when you configure you SMTP server.

And there should be an A record for that same name
(which might itself not even be in YOUR zone/domain)
which you use for the MX server name (which WILL be
in your zone/domain but can point to a server name
outside.)

Many people incorrectly think the SMTP server has to
use the same name that it uses as a 'regular' (e.g.,Windows)
server OR the name of the zone/domain for which it
servers email -- but this is clearly not true since ISPs
frequently use such servers to service hundreds or more
of their customers email zone/domain names.

...the only real need for a reverse zone and a PTR record in that zone
would be for MX record.

For the name used by the MX record, which can be
set to match whatever the PTR record is already
set (e.g., by the ISP) to be.

You can have as many PTR records as addresses but having one for an MX
record is somehwhat important, correct?

Yes. Although this is not a required RFC it is common
practice for SMTP server admins to deny email from a
remote SMTP server without such a record, or which
doesn't match the HELO name, or which doesn't have an
A record etc.

These have become de facto rules for public SMTP
(outgoing) servers but not every admin enforces them
to the same level of strictness so nubies who setup
there email servers without such records may spend
a long time trying to figure out why (only) some SMTP
servers refuse the email.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

I'm interested in this too.

If your company does lease a block of IP addresses from an ISP,
specifically for such things as Mail Exchanger records (MX) and
addresses for company owned web sites, FTP servers etc, my question
is.... When is it appropriate to have the ISP create a reference to the
company's own DNS for that block of addresses

Anytime (unless your terms of service specifically
deny you establishing an email server etc.)

It is unreasonable for an ISP to refuse to do this if
you are allowed an SMTP server.

If they were to refuse, I would find a new ISP.

and what, besides the reverse lookup record for the MX record, do you
put in the reverse zone for reference?

Practically nothing.

The Reverse zone is technically a DNS zone like
any other so it must have an SOA record (effectively
the 'header' record for the zone) and the NS records
of the DNS servers or any delegated zones but other
than that reverse zones are largely just a bunch of
PTR records.

In other words, if you have the reference from the ISP setup, what
should you include and not include in the reverse zone?

Housekeeping (SOA etc) and PTR records.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

We just took over the responsibility for the external DNS in our
company and
it currently has a number of problem that we are now trying to fix.

It is generally a poor idea for any by the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

One question we have deals with the need for reverse lookup zones
(arpa)
zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being
spam.

Well, so that it won't be so suspicious.

As far as anything else goes I'm confused as to the need. In other
word,
does anyone or application need do a reverse lookup to determine that
a
specific IP address points to our FTP server (i.e.
FTP1.MyCompany.com)?

Most other appications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

We want to make sure that anything that should have a reverse lookup
entry
does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]