Reverse DNS Lookup issues
501 views
Skip to first unread message
Anil Kumar Malladi
Feb 19, 2018, 6:37:41 PM2/19/18
to public-dns-discuss
Hi
We have Reverse DNS Lookup issues for our MX records mxgate01.cyient.com & mxgate02.cyient.com. Need help in fixing the same.
Unable to do a reverse lookup from google servers only.
> 110.76.160.224
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can't find 110.76.160.224: Server failed
> 110.76.168.203
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can't find 110.76.168.203: Server failed
> exit
I have no issues from other DNS servers. Please find the below.
nslookup mxgate01.cyient.com 4.2.2.1
Server: a.resolvers.level3.net
Address: 4.2.2.1
Non-authoritative answer:
Name: mxgate01.cyient.com
Address: 110.76.160.224
nslookup 110.76.160.224 208.67.222.222
Server: resolver1.opendns.com
Address: 208.67.222.222
Name: mxgate01.cyient.com
Address: 110.76.160.224
nslookup 110.76.160.224 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220
Name: mxgate01.cyient.com
Address: 110.76.160.224
We have Reverse DNS Lookup issues for our MX records mxgate01.cyient.com & mxgate02.cyient.com. Need help in fixing the same.
Unable to do a reverse lookup from google servers only.
> 110.76.160.224
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can't find 110.76.160.224: Server failed
> 110.76.168.203
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can't find 110.76.168.203: Server failed
> exit
I have no issues from other DNS servers. Please find the below.
nslookup mxgate01.cyient.com 4.2.2.1
Server: a.resolvers.level3.net
Address: 4.2.2.1
Non-authoritative answer:
Name: mxgate01.cyient.com
Address: 110.76.160.224
nslookup 110.76.160.224 208.67.222.222
Server: resolver1.opendns.com
Address: 208.67.222.222
Name: mxgate01.cyient.com
Address: 110.76.160.224
nslookup 110.76.160.224 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220
Name: mxgate01.cyient.com
Address: 110.76.160.224
Alex Dupuy
Feb 19, 2018, 6:59:03 PM2/19/18
to public-dns-discuss
The "authoritative" nameserver for the 160.76.110.in-addr.arpa reverse zone for 110.76.160.224 is not authoritative (AA) for its own zone:
$ checkdelegation 110.76.160.224
224.160.76.110.in-addr.arpa.
parent zone 110.in-addr.arpa:
160.76.110.in-addr.arpa. 86400 NS ns1.infotech4all.com.
$ checkdelegation infotech4all.com
parent zone com:
infotech4all.com. 172800 NS ns1.infotech4all.com.
infotech4all.com. 172800 NS ns2.infotech4all.com.
ns1.infotech4all.com. 172800 A 110.76.160.200
ns2.infotech4all.com. 172800 A 110.76.168.200
Note absence of AA flag in response below (it is a referral response, not an answer).
Although an IP address is provided in the additional section (and some resolvers will use that), neither Google Public DNS nor dig will do so.
$ dig +norec ns1.infotech4all.com @110.76.160.200
; <<>> DiG 9.9.7-P3 <<>> +norec ns1.infotech4all.com @110.76.160.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55019
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 337 msec
;; SERVER: 110.76.160.200#53(110.76.160.200)
;; WHEN: Mon Feb 19 18:52:17 EST 2018
;; MSG SIZE rcvd: 113
dig +trace likewise fails to resolve infotech4all.com or the reverse zone, failing with:
dig: couldn't get address for 'ns1.infotech4all.com': no more
Anil Kumar Malladi
Feb 19, 2018, 7:40:25 PM2/19/18
to public-dns-discuss
Hi Alex,
Thank you for the quick response. I don't see any records for infotech4all.com. This is decommissioned long back. Can you please check now and validate ? I am not sure on what needs to be done from my end
Regards
Anil
Alex Dupuy
Feb 19, 2018, 11:32:39 PM2/19/18
to public-dns-discuss
Well, ns1.infotech4all.com is the name server (by name) for the reverse zone. If that name cannot be resolved, you can have all the glue records in the world, and plenty of systems won't be able to resolve reverse PTR lookups, not just Google Public DNS.
Sending a PTR query for 200.160.76.110.in-addr.arpa to 110.76.160.200 returns ns1.cyient.com which does seem to resolve.
https://gwhois.org/110.76.160.200+dns agrees, and says the reverse zone and IP address block are allocated out of APNIC. So you need to contact them and tell them to update the NS records for 160.76.110.in-addr.arpa to point to ns1.cyient.com instead.
Anil Kumar Malladi
Feb 20, 2018, 12:50:01 AM2/20/18
to public-dns-discuss
Hi Alex,
Thank you for the update. We have now made sure that reverse for 200.160.76.110.in-addr.arpa to 110.76.160.200 returns ns1.cyient.com in APNIC which seems to take some time to resolve as we just changed. Let me check and get back to you after some time.
Regards
Anil Kumar
Alex Dupuy
Feb 21, 2018, 9:36:27 AM2/21/18
to public-dns-discuss
Anil wrote:
We have now made sure that reverse for 200.160.76.110.in-addr.arpa to 110.76.160.200 returns ns1.cyient.com in APNIC which seems to take some time to resolve as we just changed. Let me check and get back to you after some time.
It's fine to change PTR records, but you need to contact APNIC and get them to update the delegation for 160.76.110.in-addr.arpa. Until you do that, it won't work.
https://gwhois.org/110.76.160.200+dns agrees, and says the reverse zone and IP address block are allocated out of APNIC. So you need to contact them and tell them to update the NS records for 160.76.110.in-addr.arpa to point to ns1.cyient.com instead.
You need to get APNIC to update the NS records. Nothing else matters.
Reply all
Reply to author
Forward
0 new messages