Question

How to really set up reverse DNS for a droplet.

Posted July 1, 2015 12.7k views
EmailDNSFreeBSD

In order to have one’s emails processed correctly, a valid reverse DNS entry is needed. Supposedly, a reverse DNS entry is automatically created using the name that is given to a droplet, and when you change it, the new name is associated with the IP address. In doing an “nslookup” on the IP address for my droplet, the following message is displayed:

** server can’t find 000.000.000.000.in-addr.arpa.: NXDOMAIN

I do have my own DNS servers where foreward DNS for the droplet resides. What is the correct way to have a valid reverse DNS entry created?

Add a comment
elibrarian
By:
elibrarian
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
JonsJava July 1, 2015

Are you sure you’re doing the NS Lookup correctly?

Here’s an example:

nslookup
Default Server:  8.8.8.8
Address:  8.8.8.8

> set type=PTR
> 1.2.3.4
Non-authoritative answer:
Server:  8.8.8.8
Address:  8.8.8.8

4.3.2.1.in-addr.arpa     name = example.com

As you can see, I do this:

set type=PTR

EDIT I didn’t really answer your question, did I?

If you did the lookup correctly, and the PTR isn’t reflecting for that IP address, it will either be due to your DNS caching server, or an issue at DO. If you’re sure it’s not working (check here), open a ticket with DO support.

Reply Report
  • elibrarian July 1, 2015

    Setting type=PTR gets the same result! This is the lookup using “host:”

    host 12.34.56.78
    Host 87.65.43.21.in-addr.arpa not found: 3(NXDOMAIN)

    And here it is when executed in the droplet:

    host 12.34.56.78
    Host 87.65.43.21.in-addr.arpa not found: 5(REFUSED)

    NSLOOKUP is not available with FreeBSD 10.1.

    One of my domains is: elib.com … the droplet name is db.elib.com.

    Using the tool you suggest, it responds:

    No PTR record found
    Reported by ns2.digitalocean.com on 7/1/2015 at 9:21:46 AM (UTC -5),

    Reply Report
  • kamaln7 July 1, 2015

    elib.com points to 216.150.225.22, and:

    ~ ➤ host 216.150.225.22
22.225.150.216.in-addr.arpa domain name pointer www.elib.com.

    It looks like it’s working properly? Or are you talking about a different droplet? db.elib.com does not resolve to anything.

    Reply Report
  • JonsJava July 1, 2015

    Unfortunately, it sounds like you’ll need to get in touch with DO support.

    Reply Report
  • JonsJava July 1, 2015

    Well, this just got interesting.

    ping db.elib.com
PING db.elib.com.com (54.201.82.69) 56(84) bytes of data.
^C
--- db.elib.com.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 97ms

user@host:~# nslookup
> set type=PTR
> 54.201.82.69
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
69.82.201.54.in-addr.arpa       name = ec2-54-201-82-69.us-west-2.compute.amazonaws.com.

Authoritative answers can be found from:
>

    That was for db.elib.com. It shows that db.elib.com goes back to amazon, not DO.

    Now, on to your TLD:

    > elib.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
*** Can't find elib.com: No answer

Authoritative answers can be found from:
elib.com
        origin = dns.elib.com
        mail addr = elibrarian.elib.com
        serial = 2015062901
        refresh = 3600
        retry = 900
        expire = 1209600
        minimum = 3600
> 

user@host:~# ping elib.com
PING elib.com (12.150.45.122) 56(84) bytes of data.
64 bytes from www1.elib.com (12.150.45.122): icmp_seq=1 ttl=52 time=66.3 ms
^C
--- elib.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 340ms
rtt min/avg/max/mdev = 66.300/66.300/66.300/0.000 ms
user@host:~# nslookup
> set type=PTR
> 12.150.45.122
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
122.45.150.12.in-addr.arpa      canonical name = 122.64/26.45.150.12.in-addr.arpa.
122.64/26.45.150.12.in-addr.arpa        name = www1.elib.com.

Authoritative answers can be found from:
>

    OK, so your DNS for elib.com is handled by dns.elib.com. Let’s check that sub-domain:

    user@host:~# ping dns.elib.com
PING dns.elib.com (216.150.225.16) 56(84) bytes of data.
64 bytes from dns.elib.com (216.150.225.16): icmp_seq=1 ttl=53 time=83.5 ms
^C
--- dns.elib.com ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1049ms
rtt min/avg/max/mdev = 83.529/83.529/83.529/0.000 ms
user@host:~# nslookup
> set type=PTR
> 216.150.225.16
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
16.225.150.216.in-addr.arpa     name = dns.elib.com.

Authoritative answers can be found from:
>

    Well, that one looks fine. So, the sub-domain that you’re having an issue with isn’t handled by DO, but by AWS, so you’ll need to ask them for help with this one.

    Oh, and @kamaln7 , thanks. I missed that they had provided their domain in the last message.

    EDIT
    doh! my ping went to db.elib.com.com.

    @kamaln7 is correct. db.elib.com doesn’t exist:

    > set type=A
> db.elib.com
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find db.elib.com: NXDOMAIN
>

    Now, when I do a lookup against your DNS server:

     nslookup db.elib.com dns.elib.com
Server:         dns.elib.com
Address:        12.150.45.116#53

Name:   db.elib.com
Address: 45.55.232.68

    OK, so your DNS server sees it. This makes me wonder....

    whois elib.com

.................
Name Server: EGMONT.ELIB.COM
Name Server: DNS.ELIB.COM

    OK, so what does EGMONT.ELIB.COM say when querried?

    nslookup db.elib.com egmont.elib.com
Server:         egmont.elib.com
Address:        12.150.45.118#53

Name:   db.elib.com
Address: 45.55.232.68

    OK. so that works.

    Hm…

    nslookup db.elib.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   db.elib.com
Address: 45.55.232.68

    Ahh. There we go. So, now it’s down to PTR records:

    user@host:~# nslookup
> set type=PTR
> 45.55.232.68
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find 68.232.55.45.in-addr.arpa.: NXDOMAIN

    OK, so we’re now back to DO support with this one.

    The reason for the NXDOMAIN on the A record, if I had to guess, would be that the change hadn’t propagated.

    Reply Report
  • elibrarian July 1, 2015
    [deleted]
    Reply Report
  • elibrarian July 1, 2015

    The address for for elib.com you report is about a year old! It was discontinued as we do not have that set of IP addresses, now. It appears the Domain Name Servers you use are woefully out of date. Try this:

    nslookup elib.com dns.elib.com
    or
    host elib.com dns.elib.com
    Using domain server:
    Name: dns.elib.com
    Address: 12.150.45.116#53
    Aliases:

    elib.com has address 12.150.45.122

    And:

    host db.elib.com dns.elib.com
    Using domain server:
    Name: dns.elib.com
    Address: 12.150.45.116#53
    Aliases:

    db.elib.com has address 45.55.232.68

    Please check the names you are looking up: dns.elib.com.com is not valid.

    Reply Report
  • JonsJava July 1, 2015

    I edited my last comment with more info.

    Also, I use google DNS to test against because it’s one of the largest ones out there. If I have an issue with it, that’s a big problem for you. as of 3 years ago, Google public DNS served 70 billion requests per day. This means if Google has your DNS wrong, there’s going to be issues for your customers/viewers to reach you. Period.

    Now, your TTL for your site is set to ~ 6 hours (21599 seconds, where 6 hours is 21600), so any changes will take up to 6 hours to propagate.

    How it retrieved an IP a year old is beyond me.

    Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help