0

Fairly noobish question, kind of ashamed to be asking ;-)

At any rate, I'm using a commercial control panel (similar to Plesk) that I use to manage DNS. I have ns1.example.com set up with the registrar, and a secondary ns with zoneedit -- both point to a public IP in my /27.

The name server lives behind a Cisco ASA; transferred the example.com site to the new server, everything works fine; however, it occurred to me just now: I need to get the colo facility to provide reverse DNS on example.com, and I have the example.com site on a different public IP than ns1.example.com.

Have I screwed the pooch or is this in fact the correct approach? i.e. name server listens on its own dedicated ip with just port 53 udp traffic open, and then all domains handled by the name server live on different public ips?

Would appreciate a good word here before I blindly try to fix what may not be broken ;-)

Thanks

Joel Coel
virtualeyes
  • Never be ashamed of asking a question about something you don't know. None of us are born with any knowledge... of anything. – joeqwerty Oct 14 '11 at 14:16
  • That is well said, but I'm not really ashamed ;-) Helps to phrase the question, however, and, given that I do have some pot-holish knowledge of the subject matter, it is a silly question. +1 for the philosophical reply, technology is indeed by-and-large acquired and not intuited (i.e. unlike innate athletic or musical ability) – virtualeyes Oct 14 '11 at 15:47
  • pot-holish... I'll have to remember that one... – joeqwerty Oct 14 '11 at 15:53

2 Answers

1

Reverse DNS is not required for anything but mail servers, due to spam checking there. However, it does help identify what an IP is used for. Name servers and web servers may live on different IPs. It seems your setup is fine.

Flash
  • meh, you get the nod ;-) – virtualeyes Oct 14 '11 at 15:48
  • *Technically* you are **totally wrong**. Internet Rules (RFC 1033, RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name" and that such names match with a reverse pointer record. – Lazy Badger Oct 14 '11 at 23:05
0

all domains handled by the name server live on different public ips?

  1. A domain can't "live on an IP" - a domain is a family of hosts, which can live on different and even unrelated IPs.

  2. DNS and reverse-DNS are areas of unrelated (in common) responsibility:

    • you have the domain and maintain the name->ip relation
    • the owner of the ip-block in which you placed your domain's host maintains the ip->name map

You must find the owner of the ip-block and ask for IN PTR records for the IPs you use

Lazy Badger
  • Yes, PTR request put into colo facility, all set on rDNS. Domains live on shared public ip and unique public ips as required (e.g. sites that require SSL). It should be fine as is, name server has dedicated public ip and ASA only allows udp traffic on port 53. Seems to be working at any rate, if anyone has a red flag to the contrary, feel free to let me know.... – virtualeyes Oct 14 '11 at 22:49
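
Added example, not part of the original thread: a forward-confirmed reverse DNS audit for the hosts in a /27, showing the split the answers describe (the domain owner maintains name->IP, the owner of the IP block maintains IP->name) and the PTR/A match that mail-server spam checks look for. The addresses (documentation range 192.0.2.0/24), host names, record tables and function names are all constructed for illustration, and the lookups run against those in-memory tables rather than live DNS.

```python
import ipaddress

# Constructed sample data (assumption, not from the thread).
# Forward zone: maintained by the domain owner (name -> IPs).
FORWARD = {
    "ns1.example.com.": ["192.0.2.34"],
    "www.example.com.": ["192.0.2.40"],
    "mail.example.com.": ["192.0.2.41"],
}
# Reverse zone: maintained by the owner of the IP block (PTR name -> host).
REVERSE = {
    "34.2.0.192.in-addr.arpa.": "ns1.example.com.",
    "40.2.0.192.in-addr.arpa.": "web01.colo.example.net.",  # generic colo name
    # no PTR published for 192.0.2.41
}

def ptr_name(ip):
    """Owner name of the PTR record for an address, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(ip, forward=FORWARD, reverse=REVERSE):
    """Return (status, ptr_target); status is 'ok', 'no-ptr' or 'mismatch'."""
    target = reverse.get(ptr_name(ip))
    if target is None:
        return ("no-ptr", None)
    # Forward-confirm: the PTR target must resolve back to the same address.
    addrs = {ipaddress.ip_address(a) for a in forward.get(target, [])}
    if ipaddress.ip_address(ip) in addrs:
        return ("ok", target)
    return ("mismatch", target)

def audit(block, forward=FORWARD, reverse=REVERSE):
    """Check every forward record whose address falls inside the block."""
    net = ipaddress.ip_network(block)
    results = {}
    for name, addrs in forward.items():
        for ip in addrs:
            if ipaddress.ip_address(ip) in net:
                results[(name, ip)] = fcrdns(ip, forward, reverse)
    return results

if __name__ == "__main__":
    for (name, ip), (status, target) in sorted(audit("192.0.2.32/27").items()):
        print(f"{name:20} {ip:12} {status:9} PTR -> {target}")
```

A 'no-ptr' or 'mismatch' result on the mail host is the case that needs a PTR request to the block owner; the name server and web hosts being on different addresses does not affect the result.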