mail this page
products | company | support | training | contact us
name ttl class rr name 15 IN PTR www.example.com.
The number '15' (the base IP address) in the above example is actually a name and because there is no 'dot' BIND adds the $ORIGIN (126.96.36.199.IN-ADDR.ARPA). The example below which defines a reverse map zone file for the Class C address 192.168.23.0 should make this clearer:
$TTL 2d ; 172800 secs $ORIGIN 23.168.192.IN-ADDR.ARPA. @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; serial number 12h ; refresh 15m ; update retry 3w ; expiry 3h ; minimum ) IN NS ns1.example.com. IN NS ns2.example.com. ; 2 below is actually an unqualified name and becomes ; 188.8.131.52.IN-ADDR.ARPA. 2 IN PTR joe.example.com. ; FDQN .... 15 IN PTR www.example.com. .... 17 IN PTR bill.example.com. .... 74 IN PTR fred.example.com. ....
Because the $ORIGIN reflects the reverse map domain all right-hand names must use an FQDN format (they end with a dot). If the terminating dot on joe.example.com above were omitted in error it would become joe.example.com.23.168.192.IN-ADDR.ARPA - not the desired result!.
PTR RRs, like most other RRs, can have RRsets (RRs which have the same owner-name (left-hand-name) and RR type). If multiple names are assigned to a host using CNAME RRs, A RRs or AAAA RRs then they can all appear in the reverse map, for example:
; forward zone file for example.com ... mail IN A 192.168.0.7 www IN A 192.168.0.7 ; OR mail IN A 192.168.0.7 www IN CNAME 192.168.0.7 ... # reverse map zone file for 0.168.192.IN-ADDR.ARPA ... 7 IN PTR mail.example.com. 7 IN PTR www.example.com. ...
is a prefectly legitimate zone file. However, in tests a number of mail systems, which invariably perform a reverse look up, did not handle RRsets and failed unless the mail server appeared first which is difficult to guarantee (see rrset-order). Thus, if a mail server (mail.example.com) and, say, a web server (www.example.com) both have the same IP address (as illustrated in the example above) then since mail systems invariably use reverse lookups as a trivial security check it would be sensible to define the reverse map to only contain mail.example.com.
It is not essential, but considered good practise, to define all assigned IPs in the reverse map.
It is sensible to define the reverse map in order of IP addresses or some other fixed order to avoid subsequent errors or to simplify searching for a particular value.
There are no A RRs for the defined NS names (respectively ns1.example.com and ns2.example.com) since both are out-of-zone names. Any lookup is done via the forward zone file for example.com in which suitable A RRs for these names must exist.
IPv6 and IPv4 addresses cannot be mixed in the same zone file as they can for forward-map zones. IPv6 addresses are reverse mapped under the domain IP6.ARPA whereas IPv4 addresses are mapped under the IN-ADDR.ARPA domain. IPv6 reverse-maps use a nibble domain name format defined in Chapter 3. The following fragment illustrates the use of the PTR RR to reverse-map the IPv6 addresses 2001:db8:0:1::1, 2001:db8:0:1::1, 2001:db8:0:2::1 and 2001:db8:0:1::1:
; reverse IPV6 zone file for example.com $TTL 2d ; default TTL for zone 172800 secs $ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.IP6.ARPA. @ IN SOA ns1.example.com. hostmaster.example.com. ( 2003080800 ; sn = serial number 12h ; refresh = refresh 15m ; retry = update retry 3w ; expiry = expiry 2h ; min = minimum ) ; name servers Resource Recordsfor the domain IN NS ns1.example.com. ; the second name servers is ; external to this zone (domain). IN NS ns2.example.net. ; PTR RR maps a IPv6 address to a host name ; hosts in subnet ID 1 184.108.40.206.0.0.0.0.0.0.0.0.0.0.0.0.220.127.116.11 IN PTR ns1.example.com. 18.104.22.168.0.0.0.0.0.0.0.0.0.0.0.0.22.214.171.124 IN PTR mail.example.com. ; hosts in subnet ID 2 126.96.36.199.0.0.0.0.0.0.0.0.0.0.0.0.188.8.131.52 IN PTR joe.example.com. 184.108.40.206.0.0.0.0.0.0.0.0.0.0.0.0.220.127.116.11 IN PTR www.example.com.
Notes: The IPv6 range 2001:db8:: is reserved for documentation purposes only by the great and mighty.
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
3 reverse map
4 dns types
5 install bind
8 dns records
12 bind api's
13 dns security
bits & bytes
notes & tips
This work is licensed under a Creative Commons License.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox