Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Host Public Reverse DNS Zones in Oracle Cloud Infrastructure Domain Name System
Introduction
If you are an organization that has been assigned a block of public IP addresses, you might need to host the reverse Domain Name System (DNS) zones in your own DNS servers, or use a managed DNS service like Oracle Cloud Infrastructure DNS.
When a DNS zone (also known as a forward DNS zone) is configured, a client, which can be a browser or an application, can resolve a hostname (for example, www.oracle.com) into an IP address, which the client then uses to connect to the server.
A reverse DNS zone is very similar but, as the name implies, it works the other way around: you have an IP address and need to know what name is configured for it. Some services, such as email servers, need reverse DNS properly configured and matching the name of the server, or emails may be rejected by the receiving server when the reverse is checked. To keep this tutorial short, we use IPv4 as an example, but it works exactly the same way for IPv6.
Objectives
- Use Oracle Cloud Infrastructure (OCI) DNS service to host reverse DNS zones, taking full advantage of its DDoS protection and anycast network in a fully managed, fully scalable and highly available service.
Prerequisites
- Access to an OCI tenancy.
- Understanding of the principles of DNS.
- IP addresses allocated by one of the Regional Internet Registries (RIRs).
Task 1: Check Reverse DNS Resolution for an IP Address
If you have an IP address, you can use several tools to check the reverse name resolution, like nslookup, dig, online services and so on.
- Check reverse name resolution in any Linux console with the host command.
[opc@mybox ~]$ host 138.1.33.162
162.33.1.138.in-addr.arpa domain name pointer ocomtld-prod.appoci.oracle.com.
Or
- Check reverse name resolution using the dig command with the -x option, which means reverse lookup.
[opc@mybox ~]$ dig +short -x 138.1.33.162
ocomtld-prod.appoci.oracle.com.
Task 2: Configure the Reverse DNS Zone in Oracle Cloud Infrastructure
To configure the reverse DNS zone in OCI DNS, the zone name must have the correct format. Did you notice the form of the result when using the host command? The IP address has its octets in reverse order, followed by the suffix in-addr.arpa.
Let's not go into the details of the arpa suffix; just remember that the Internet was started in 1969, and at the time it was run by ARPA and called ARPANet.
The first thing we need to do is to create a zone in OCI DNS using the same naming convention.
Let's assume that we were assigned the block of IPs 12.34.56.0/23; the zone in OCI would look like 56.34.12.in-addr.arpa.
After a few minutes, the zone becomes available and can be populated with records.
Task 3: Populate the Reverse DNS Zone
To populate the zone with a reverse DNS entry, we need to create a pointer DNS record (PTR record). Suppose a customer asks us to create a reverse DNS entry for their mail server with IP 12.34.56.30 and name mymailserver.mydomain.com. That PTR record is what we need to create in our zone.
Note: Do not forget to publish the zone so it can be propagated to all the DNS server fleet.
Task 4: Check the Reverse DNS Zone
After the new record has been published in our zone, we can check that it is correctly configured by directly querying one of the OCI nameservers assigned to our zone. Check the zone page in the OCI Console for the nameservers that were assigned to your zone. For this tutorial, we have ns1, ns2, ns3 or ns4.p201.dns.oraclecloud.net.
Use the Linux console and the dig command.
[opc@mybox ~]$ dig +short -x 12.34.56.30 @ns1.p201.dns.oraclecloud.net
mymailserver.mydomain.com.
It works: we just resolved the reverse DNS for our IP into a hostname.
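The dig check above confirms only the PTR side. Receiving mail servers commonly also resolve the returned name forward and require it to point back at the same IP. The following Python sketch of that forward-confirmed check is an added example, not part of the original tutorial; the function names and the sample tables are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses the name resolves to; empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, expected=None, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Classify ip as 'pass', 'no-ptr', 'forward-mismatch' or 'name-mismatch'."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(a) for a in forward_lookup(n)}]
    if not confirmed:
        return "forward-mismatch"
    if expected and expected.rstrip(".").lower() not in confirmed:
        return "name-mismatch"
    return "pass"

# Constructed sample data standing in for DNS answers (not real records).
SAMPLE_PTR = {
    "12.34.56.30": ["mymailserver.mydomain.com."],
    "12.34.56.31": ["stale.mydomain.com."],
}
SAMPLE_A = {
    "mymailserver.mydomain.com": {"12.34.56.30"},
    "stale.mydomain.com": {"12.34.57.9"},
}

def check_sample(ip, expected=None):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, expected,
                  ptr_lookup=lambda i: SAMPLE_PTR.get(i, []),
                  forward_lookup=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("12.34.56.30", "12.34.56.31", "12.34.56.32"):
        print(ip, check_sample(ip, "mymailserver.mydomain.com"))
```

Calling fcrdns(ip) without the lookup arguments uses the system resolver, so it reflects public DNS only after the delegation in Task 5 is in place.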
Task 5: Delegate the Zone on the Regional Internet Registry (RIR)
There is one last step missing so that reverse DNS works for everyone without querying OCI DNS directly: configuring the zone delegation at the RIR with the provided OCI DNS nameservers.
This depends on each RIR; for Europe, the RIR is RIPE. To create the reverse DNS delegation, see Creating DOMAIN Objects for Reverse DNS.
You are probably wondering: we have a /23 CIDR, but we only configured one /24 of it, so what about the rest? The way reverse DNS resolution works mandates that you configure each /24 that you have independently. In this tutorial, we need to create two zones: 56.34.12.in-addr.arpa and 57.34.12.in-addr.arpa. The more /24 CIDRs you have allocated from your RIR, the more reverse DNS zones you will need.
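The zone naming from Task 2 and the per-/24 split described above can be derived mechanically. The following Python sketch is an added example, not part of the original tutorial or of any Oracle tooling; the function names reverse_zones and ptr_record are hypothetical, and it rejects blocks smaller than a /24 instead of handling classless delegation.

```python
import ipaddress

def reverse_zones(cidr):
    """Return one in-addr.arpa zone name per /24 contained in an IPv4 block."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv4 only in this sketch")
    if net.prefixlen > 24:
        # Smaller-than-/24 blocks need classless delegation (RFC 2317),
        # which is outside what the tutorial covers.
        raise ValueError("prefix longer than /24 is not handled")
    zones = []
    for sub in net.subnets(new_prefix=24):
        a, b, c, _ = str(sub.network_address).split(".")
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
    return zones

def ptr_record(ip, hostname, allocated_cidr):
    """Build the PTR record for ip, refusing addresses outside our block."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(allocated_cidr):
        raise ValueError(f"{ip} is not inside {allocated_cidr}")
    owner = addr.reverse_pointer            # e.g. 30.56.34.12.in-addr.arpa
    return {
        "zone": owner.split(".", 1)[1],     # the /24 zone that holds it
        "owner": owner + ".",
        "type": "PTR",
        "rdata": hostname.rstrip(".") + ".",  # fully qualified target
    }

if __name__ == "__main__":
    # Values taken from the tutorial's example block and mail server.
    print(reverse_zones("12.34.56.0/23"))
    print(ptr_record("12.34.56.30", "mymailserver.mydomain.com", "12.34.56.0/23"))
```

Checking that the address falls inside the allocated block before building the record keeps a typo or a bad request from producing a PTR for address space you do not hold.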
Note:
- If you look into your private zones in OCI DNS service, you should have your VCN reverse x.x.x.in-addr.arpa zones listed; we do this for you automatically with private IPs.
- If you need to create a reverse DNS entry for one of OCI public IPs, you have to open a service request with our support team. Remember that only Local Internet Registries (LIRs - the IP owners) can create and manage reverse DNS zones.
Hosting reverse DNS zones using OCI DNS service is very simple, and our service provides you with an anycast network, highly available and scalable service, protected against DDoS so that you can focus on providing services to your customers leaving the heavy lifting with us.
Acknowledgments
- Author - Carlos Jorge Santos (OCI Cloud Engineer - Network Domain Specialist)
F94160-01
March 2024
Copyright © 2024, Oracle and/or its affiliates.