Reverse DNS Lookup

Thread: Reverse DNS Lookup

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    1,199

    Reverse DNS Lookup

    If I understand this correctly (and please correct me if I am wrong), reverse DNS works by trying to match an IP address to a domain name, rather than the domain name to the IP address. But how does this work if a single IP address has multiple domain names associated with it? For instance, we host a mail server which has about 35 different domains associated with it. Does a reverse DNS entry have to be made for each domain, all associating it with that server's IP address? And if so, will the reverse DNS then just pull a list of associated domain names and then match the sending domain to that?
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Hi, I can see what you are trying to say/ask and the easiest way may be for you to go here: http://www.dnsstuff.com/info/revdns.htm
    and have a quick read about rDNS, as it is not as simple as having a reverse DNS entry listed in your DNS server!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    I actually had read that before posting. My question is what about IP addresses that have multiple domains attached to them, like web servers that host more than 1 webpage, or in this case email servers that host more than one email domain. A reverse DNS will query IP address 1.2.3.4, but at that IP address it may be hosting 20 domains, so what does the query return?

    I understand how the look up works if it's 1 name 1 ip address, but not 1 ip address for 30 names.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I understand how the look up works if it's 1 name 1 ip address, but not 1 ip address for 30 names.
    The simple answer is, you can't reverse DNS multiple domains to a single IP. A reverse DNS will always show the domain of the hosting IP.

    //EDIT you cannot even connect to a multiple hosted domain via IP since many share that same ip, you have to connect via domain name and domain name only.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Oh I just thought of something, are you trying to reverse DNS email or something? That is a different issue. There is more information going back, such as the user detail, which can be "resolved" to a virtual directory containing the domain, and the server can report back the proper domain. But a full on reverse dns will never resolve to anything but the associated ip of the hosting server.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    But a full on reverse dns will never resolve to anything but the associated ip of the hosting server.
    Unless your ISP maintains control of all RDNS for their netblock.... In that case you ask them to report the RDNS records to the hostname you wish and point all domains' MX records to the same host(s).
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Unless your ISP maintains control of all RDNS for their netblock.... In that case you ask them to report the RDNS records to the hostname you wish and point all domains' MX records to the same host(s).
    True, but that means something within your own control is actually associated with a server, and that introduces differing circumstances. In this case you have the mail server probably at your office and your domain is hosted off site. Therefore the MX record will have a reverse lookup associated with a static IP separate perhaps from your domain name server or www server. If your www server and mail server are on the same IP that is no problem because you are only reporting a single domain.

    //EDIT you can tweak your Reverse DNS response to say anything you want as long as you have an IP address. You won't even need a box hooked up to it. It's just some data you are reporting back. But when multiple domains, like 30, are hosted on a single box with a single NIC card, that is not possible without more data or some external IP addresses such as your own internet connection. In the case of mail, user data is sent by the mail system for a RDNS lookup and the hosting server uses that data to home in on the virtual server of a particular domain and report back the correct reverse DNS entry that will match up.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Nope... My ISP manages the RDNS for its netblock.... I asked if I could do it... They said yes but I chose to leave it with them anyway. Since they own the netblock their RDNS server is authoritative and will override anything you want to try to do unless they delegate the authority "downwards".

    When mailservers etc are checked by other mailservers I'm not entirely sure that the RDNS is a true RDNS query... I think it's more a comparison of sending IP and resolution of that IP to a hostname. I could be wrong but there's a lot of mailservers out there that wouldn't work if the request was a true RDNS request.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Yeah, it's not a true RDNS query, well it is, meaning it meets RFC requirements. But only if the mail server is hosted on a server with multiple domains, otherwise you just report what you want. The mail server doing the query says here is the IP AND user data. The other server looks at the domain to see if it exists in its virtual domain structure and then reports back YES or NO on the RDNS IP comparison. Let me dig up something. It's a good read.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
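
An added example, not part of the thread: the arrangement from posts #6 and #8, with one PTR record for the mail server's IP and every hosted domain's MX pointing at that one hostname. The zone data, names and addresses are constructed, and `lookup` is a hypothetical stand-in for a real resolver.

```python
import ipaddress

# Constructed zone data (documentation address space, made-up names).
MAIL_HOST = "mail.example.net."
MAIL_IP = "192.0.2.10"
HOSTED = [f"customer{i}.example." for i in range(1, 36)]  # 35 mail domains

def ptr_name(ip):
    """Name actually queried in a reverse lookup: the IP reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

ZONE = {
    ("A", MAIL_HOST): [MAIL_IP],
    ("PTR", ptr_name(MAIL_IP)): [MAIL_HOST],  # one PTR, set by whoever controls the netblock
}
for domain in HOSTED:
    ZONE[("MX", domain)] = [MAIL_HOST]        # every hosted domain points at the same host

def lookup(rtype, name):
    """Hypothetical resolver stand-in: answers only from ZONE."""
    return ZONE.get((rtype, name), [])

def forward_confirmed(ip):
    """PTR hostnames for ip whose own A records point back at ip."""
    return [h for h in lookup("PTR", ptr_name(ip)) if ip in lookup("A", h)]

def mail_ips_for(domain):
    """IP addresses that the domain's MX records lead to."""
    return {ip for mx in lookup("MX", domain) for ip in lookup("A", mx)}

def check_sender(ip, mail_from_domain):
    """What a receiving server can establish from DNS about a connecting IP."""
    return {
        "ptr_query": ptr_name(ip),                      # keyed on the IP only
        "confirmed_hosts": forward_confirmed(ip),       # IP -> name -> same IP
        "ip_is_mx_for_domain": ip in mail_ips_for(mail_from_domain),
    }

if __name__ == "__main__":
    print(check_sender(MAIL_IP, "customer7.example."))
    print(check_sender("192.0.2.99", "customer7.example."))
```

The reverse query name is derived from the IP address alone, so the 35 hosted domains never appear in it; they are tied to the server only through their MX records.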

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Yep.... I think we muddled our way through to the truth...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
