Hello, I am trying to get the PTR to work but I am not sure what I am doing wrong. Where to enter xxx.xxx.xxx.in-addr.arpa. ? The manual page 240 shows where to enter it, but when I remove the domain name and enter the xxx.xxx.xxx.in-addr.arpa. the DNS does not work for the site. I am thinking maybe we create a different zone independent of any sites and that would be only for PTR purposes.

Here is pri.domain.tld

Code:
    www 3600 A x.y.z.w
    mail 3600 A x.y.z.w
    domain.tld. 3600 NS ns1.domain.tld.
    domain.tld. 3600 NS ns2.domain.tld.
    domain.tld. 3600 MX 10 mail.domain.tld.
    domain.tld. 3600 TXT "v=spf1 mx a ~all"
    default._domainkey.domain.tld. 3600 TXT "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBHDKFBFDJFHDKDNGaUoS9K71h6+2yMNtkU049R1mCnJLlPE42GzqS/$
    w 3600 PTR srv1.domain.tld
    z.y.x.in-addr.arpa. 3600 TXT "v=spf1 mx a ~all"
    ns1 3600 A x.y.z.w
    ns2 3600 A x.y.z.w
    srv1.domain.tld 3600 A x.y.z.w
    srv1 3600 A x.y.z.w
    pop3 3600 CNAME srv1.domain.tld

Here is the output of named-checkconf -z

Code:
    /etc/bind/pri.domain.tld:19: ignoring out-of-zone data (z.y.x.in-addr.arpa)
    zone domain.tld/IN: 'domain.tld' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
    zone domain.tld/IN: loaded serial 20456704
    zone localhost/IN: loaded serial 2
    zone 127.in-addr.arpa/IN: loaded serial 1
    zone 0.in-addr.arpa/IN: loaded serial 1
    zone 255.in-addr.arpa/IN: loaded serial 1

How to get the PTR to work? Please note that I am the ISP authorized to control the range of IPs we are dealing with.

That's the name of a DNS zone. A PTR is a zone of the IP address; it is not a record that you can add to your "domain" zone.
Hi Till, I am still fighting with PTR as it is not working for me. I did a separate zone from any domain for the PTR and followed the manual for the PTR setup, and it seems to be straightforward, but still. What could be wrong? Thanks in advance,
Are you sure that your server is the authoritative DNS server for this IP? In most cases when you rent a server in a datacenter, the company that runs the datacenter manages the PTR for the IP that they assigned to your server. You should contact their support and ask them if they set the PTR for you or if you have to run your own DNS server for the PTR.
Thanks a million Till. Your question got me to explore more things. Yes, I am the owner of /22 IPs and the datacenter said they cannot do anything, it has to be me. I found the following message in the system log:

Code:
    named[28098]: client x.x.x.x#256732: query (cache) 'y.y.y.in-addr.arpa./A/IN' denied

Then /etc/resolv.conf had only resolver server and non-authoritative. I have added the authoritative to the list of servers and voila. It works like magic and my email queue was cleared in a matter of two hours.

By the way, any recommendation or special instruction for firewall to protect the server?! I have my own router in front of it where I can open and close ports as I wish.
And you have this zone "y.y.y.in-addr.arpa." added in ISPConfig, and this zone exists as a zone file in the BIND config directory? Open the ports of the services that you provide on this server.
Yes, I did the setup through the ISPConfig3 GUI, as I understood from you above, as follows:

1- I have created a Zone by clicking "Add New DNS Zone Manually" where I entered y.y.y.in-addr.arpa. into the Zone (SOA).
2- The Zone created above is a standalone Zone and not part of any sites or connected to any domains.
3- Added NS record to point to the recursive server from the Datacenter ISP provider. "This was
4- Created a PTR record, as per the manual.
5- Edited /etc/resolv.conf and added the IP address of the authoritative server from the ISP. ****"I believe this step is not needed" will delete it and see if it makes a difference.****

Go ISPConfig3 Go, excellent Control Panel and community ;-)

Here is what I have under /etc/bind

Code:
    -rw-r--r-- 1 root bind 517 Nov 28 18:19 pri.y3.y2.y1.in-addr.arpa

Code:
    $TTL 3600
    @ IN SOA ns1.domain.tld. info.domain.tld. (
            201567803 ; serial, todays date + todays serial #
            7200 ; refresh, seconds
            540 ; retry, seconds
            604800 ; expire, seconds
            3600 ) ; minimum, seconds
    ;
    y3.y2.y1.in-addr.arpa. 3600 NS auth1.dns.DCprovider.tld.
    w 3600 PTR srv1.domain.tld

FYI, the IP address for the server is y1.y2.y3.w

I have a feeling you are doubting something?

"w" is the last part of the IP address, right? And does the name srv1.domain.tld end with a dot as required?
Yes. No, it did not; however, I added it now in the GUI and it shows in the /etc/bind/"ZONE". I checked the manual, knowing from you that there is a dot, and it seems to be OK; however, the image is a bit blurry. I am just surprised: how did it work?
A fully qualified domain name in dns ends with a dot. If you enter a string without a dot, then bind adds the zone name automatically. So in your case, srv1.domain.tld is a fully qualified domain name, so it has to end with a dot.
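
The origin-appending rule from this thread, as an added example that is not part of the original posts: it expands relative names the way BIND does and reports what a PTR record really points to. The address 192.0.2.10, the example.com names and the function names are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

def qualify(name, origin):
    """Expand a zone-file name as BIND does: '@' is the origin, a name
    ending in '.' is absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_ptr_zone(zone_text, origin, ip, expected_host):
    """Return (line, problem, name) findings for the PTR records in a zone.
    Simplified parser: one record per line, owner name written explicitly."""
    origin = origin.lower()
    want_owner = ipaddress.ip_address(ip).reverse_pointer + "."
    findings, seen = [], False
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()        # strip comments
        if "PTR" not in fields[1:-1]:                # needs owner and target
            continue
        owner = qualify(fields[0], origin).lower()
        target = qualify(fields[fields.index("PTR", 1) + 1], origin).lower()
        if owner != origin and not owner.endswith("." + origin):
            # BIND drops these: "ignoring out-of-zone data"
            findings.append((lineno, "out-of-zone owner", owner))
        elif owner == want_owner:
            seen = True
            if target != expected_host.lower():
                findings.append((lineno, "wrong PTR target", target))
    if not seen:
        findings.append((0, "no PTR for address", want_owner))
    return findings

# Constructed sample: reverse zone for 192.0.2.0/24 (documentation range).
ORIGIN = "2.0.192.in-addr.arpa."
BROKEN = """$TTL 3600
@ IN SOA ns1.example.com. info.example.com. ( 1 7200 540 604800 3600 )
@ 3600 NS ns1.example.com.
10 3600 PTR srv1.example.com
"""
FIXED = BROKEN.replace("srv1.example.com\n", "srv1.example.com.\n")

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_ptr_zone(zone, ORIGIN, "192.0.2.10", "srv1.example.com."))
```

Passing a forward zone origin such as "example.com." instead shows the first post's problem: the PTR owner either expands to a name under the forward zone or is rejected as out-of-zone, so the address has no usable PTR.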