Domain Name System
VN, 2020-10-12 14:19:00

Why does bind not resolve PTR?

Forward Lookup Zone

$TTL    604800
@       IN      SOA     usrv.sandbox.corp. root.usrv.sandbox.corp. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      usrv.sandbox.corp.
@       IN      A       192.168.99.50
@       IN      AAAA    ::1
usrv    IN      A       192.168.99.50
nnm     IN      A       192.168.99.51

Reverse Lookup Zone
$TTL    604800
@       IN      SOA     usrv.sandbox.corp. root.usrv.sandbox.corp. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      usrv.sandbox.corp.
50      IN      PTR     usrv.sabdbox.corp.
51      IN      PTR     nnm.sandbox.corp.

Addresses from the forward lookup zone resolve perfectly
host nnm
nnm.sandbox.corp has address 192.168.99.51

Only the DNS server itself is resolved from the reverse lookup zone
host 192.168.99.50
50.99.168.192.in-addr.arpa domain name pointer usrv.sandbox.corp.
50.99.168.192.in-addr.arpa domain name pointer usrv.
50.99.168.192.in-addr.arpa domain name pointer usrv.local.

Other records are not processed
host 192.168.99.51
Host 51.99.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Error in log
usrv systemd-resolved[599]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.


2 answer(s)
Viktor Taran, 2020-10-12
@shambler81

@       IN      SOA     ns1.ks03.ru. info.ks03.ru. (
                        2020021701       ; serial, todays date + todays serial #
                        7200              ; refresh, seconds
                        540              ; retry, seconds
                        1209600              ; expire, seconds
                        86400 )            ; minimum, seconds
;

2112.topexpert.pro. 3600 A        95.216.243.254
mx 3600 A        95.216.243.254
www 3600 A        95.216.243.254
mail.2112.topexpert.pro. 3600      CNAME        domain.mail.yandex.net.
2112.topexpert.pro. 3600      MX    10   mx.yandex.net.
2112.topexpert.pro. 3600      MX    20   mx.2112.topexpert.pro.
2112.topexpert.pro. 3600      NS        ns1.ks03.ru.
2112.topexpert.pro. 3600      NS        ns2.ks03.ru.
254.243.216.95.in-addr.arpa  3600      PTR        2112.topexpert.pro
2112.topexpert.pro. 3600      TXT        "v=spf1 ip4:95.216.243.254 ip4:95.216.243.198 include:_spf.yandex.net ~all"

As you can see, everything is the same. The difference is that the PTR is reverse!!!! It is not enough just to register them in the DNS, because they are "reverse": they are specified on the side of your hosting provider and not on your DNS server. In your DNS, they are only confirmed!
Contact the support service so that they specify the reverse PTR. For example, at Hetzner they can be specified in the place where you order the server, but in 99% of cases it is through the support service.
Also, do not forget to specify DKIM - requires the DMARC daemon - requires DKIM, but the SPF text entry itself is purely a text entry, as well as the new CAA.

VN, 2020-10-12
@kavabangaungava

The problem was solved by catching a syntax error
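
An added example, not part of the original thread: a forward/reverse consistency check run over the A and PTR lines posted in the question, reporting PTR targets that have no matching A record or that lack the trailing dot. The zone origins are assumptions taken from the `host` output, because the page does not show named.conf, and the helper names are hypothetical.

```python
import ipaddress

# A and PTR lines copied from the question. The origins are assumptions
# taken from the `host` output; named.conf is not shown on the page.
FORWARD_ORIGIN = "sandbox.corp."
REVERSE_ORIGIN = "99.168.192.in-addr.arpa."
FORWARD_ZONE = """\
@       IN      A       192.168.99.50
usrv    IN      A       192.168.99.50
nnm     IN      A       192.168.99.51
"""
REVERSE_ZONE = """\
50      IN      PTR     usrv.sabdbox.corp.
51      IN      PTR     nnm.sandbox.corp.
"""

def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    """Yield (owner, rdata) for simple 'owner IN TYPE rdata' lines of one type."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            yield absolute(fields[0], origin), fields[3]

def check_ptr(forward, fwd_origin, reverse, rev_origin):
    """Return problems where a PTR target has no A record for the same address."""
    a_records = {}
    for owner, addr in records(forward, fwd_origin, "A"):
        a_records.setdefault(owner.lower(), set()).add(addr)
    problems = []
    for owner, target in records(reverse, rev_origin, "PTR"):
        # 50.99.168.192.in-addr.arpa. -> 192.168.99.50
        octets = owner.lower().split(".in-addr.arpa")[0].split(".")
        addr = str(ipaddress.IPv4Address(".".join(reversed(octets))))
        fqdn = absolute(target, rev_origin).lower()
        if not target.endswith("."):
            problems.append(f"{addr}: PTR target '{target}' lacks trailing dot, expands to {fqdn}")
        elif addr not in a_records.get(fqdn, set()):
            problems.append(f"{addr}: PTR {fqdn} has no matching A record")
    return problems

if __name__ == "__main__":
    for p in check_ptr(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print(p)
```

This only cross-checks record data; syntax validation of the zone files themselves is what BIND's `named-checkzone` is for.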
