Configuring reverse lookup zones

A reverse DNS lookup is a querying technique in which an IP address is used to determine the corresponding domain. In this case, you create a DNS zone that, when queried, will return the FQDN for a specified IP address. This is opposite to the more typical forward DNS lookup in which a domain name is used to determine the corresponding IP. You can create reverse zones in IBM® NS1 Connect® to facilitate reverse lookups for IPv4 and IPv6 subnets.

Step 1: Create a reverse zone

  1. Click DNS > Zones.
  2. Click Add zone.
  3. In the Domain name field, enter the FQDN for the reverse zone, considering the following examples:
    • For IPv4 subnets, the format to use in the domain name field is <reverseIP>.in-addr.arpa where you invert the IPv4 address, removing the netmask. For example, if the IPv4 subnet is 192.0.2.0/24, enter 2.0.192.in-addr.arpa. Refer to Configuring reverse DNS for smaller IPv4 subnets for IPv4 subnets that are smaller than /24.
    • For IPv6 subnets, the format to use in the domain name field is <reverseIP>.ip6.arpa where you invert the IPv6 address, separating each character with a period (.) and removing the netmask. For example, if the IPv6 subnet is 2001:0db8:29cd:1a0f::/64, you would enter f.0.a.1.d.c.a.9.2.8.b.d.0.1.0.0.2.ip6.arpa. The same pattern applies to any size IPv6 subnet.
  4. Optionally, you can associate the zone with a DNS view. Views are used to define which client(s) are permitted to query a zone.
    Attention: At this time, zones published on the NS1 Connect Managed DNS or NS1 Connect Managed DNS for China networks cannot be associated with a DNS view.
  5. Optionally, click the Override zone name check box to enter a custom, unique name for this zone. This can be helpful if you plan to create multiple zones that point to the same FQDN. Otherwise, the zone name defaults to match the zone FQDN and any DNS views you associate with the zone during zone creation are included as a suffix to the FQDN to make up the unique zone name (for example, <zoneFQDN>-<view_name>).
    Note: You cannot modify the zone name after creating the zone.
  6. Select one or more DNS networks on which you want to publish the zone. Optionally, you can clear all the checkboxes to leave the zone unpublished.
  7. Under Zone settings, select the type of zone you are creating and adjust the settings. Refer to this topic for details about each type of zone.
  8. Click Save zone. The new zone appears in the list of zones on the Zones tab.

Step 2: Add a PTR record to the reverse zone

Next, you will add a DNS pointer (PTR) record to the zone you just created.

  1. Click the Zones tab and navigate to the reverse zone you just created.
    Tip: You can filter the list of zones by selecting the Reverse checkbox.
  2. Click the name of the zone.
  3. Scroll to the bottom of the page and click + Add record.
  4. From the Record Type drop-down list, select PTR.
  5. In the Name field, enter the final octet or character of the IP address for the server or leave this field blank to indicate a root-level record.
  6. Under Answers, enter the FQDN corresponding to the IP.
  7. Click Save record.

Step 3: Update the delegation

If you own the specified subnet, you must update the delegation of the reverse DNS zone with your RIR (for example, ARIN, RIPE, and so on.) to point to the NS1 Connect DNS servers assigned to the reverse zone. Typically, you can find these within the Nameservers tab within the zone details.

Alternatively, you can run a GET command against https://api.nsone.net/v1/zones/<zone_name> to view all zone details, including the assigned nameservers.

Configuring reverse DNS for smaller IPv4 subnets

To configure reverse DNS for an IPv4 subnet smaller than a /24 (for example, /29), follow the steps below, working with the IP owner (that is, your hosting provider) to sub-delegate a reverse zone. Depending on the provider, the sub-delegated zone will have a name like 0/29.3.2.1.in-addr.arpa or 0-29.3.2.1.in-addr.arpa. Either format is valid when configuring with NS1 Connect.

  • Determine which format the provider will use and create the NS1 Connect reverse zone accordingly.
  • Create PTR records for each IP address (for example, 4.0/29.3.2.1.in-addr.arpa) to provide a reverse name for the 1.2.3.4 IP address when the 1.2.3.0/29 network has been sub-delegated.
  • Update the delegation with the provider to indicate which NS1 Connect nameservers are assigned to the reverse zone.
Note: For IPv6 subnets, if you have been directly assigned the IPv6 space by your RIR, you can delegate the reverse zone to yourself. Otherwise, you will need to work with your provider to sub-delegate the reverse zone.