APNIC Logo

Printer friendly version

Guide to reverse zones

Table of contents

Table of contents

1.   Create a reverse zone
2.   Nameserver software
3.   Using BIND 9 to set up a primary nameserver for a zone
4.   Using BIND 9 to set up a secondary nameserver for a zone



1. Creating a reverse zone

Tools

Here is a list of: arrow-blue tools to manage DNS and diagnose DNS Problems

Creating a reverse zone is the same as creating any other zone file. The SOA and initial NS records are the same as any normal zone. However, you will need to create additional PTR records.

The following information is based on creating reverse zones using BIND. The principles should be the same for other DNS software; however, the details are likely to be different. If you are not using BIND, please see the documentation for the software package you are using.


1.1  Start of Authority (SOA) record

The SOA record is the first record in a properly configured zone. It contains information about the zone in a string of fields. An SOA record tells the server to be authoritative for the zone. The SOA record takes the format:

Example:
<domain.name.> IN SOA <hostname.domain.name.>
 
<mailbox.domain.name>
<serial-number>
<refresh>
<retry>
<expire>
<minimum-ttl>
Where:
Field
Description
domain.name

The name of the domain to which the SOA belongs. Instead of writing out the full domain, you can also use '@' in the file to let the nameserver fill this out automatically.

Example:
28.12.202.in-addr.arpa
@
IN
The class of the DNS record. 'IN' is an abbreviated form of 'Internet'.
SOA
The type of DNS record, which in this case is 'Start of Authority'.
hostname.domain.name.

Also known as the 'hostmaster' field. It contains the e-mail address of the person responsible for maintaining the zone. No '@' is used as this field was originally formatted as if it was a hostname (in which '@' was invalid). The '@' symbol is replaced by a '.', and any '.' before the "@" was replaced by '\'.

Examples:
Email address
Hostmaster field
dns-admin@apnic.netdns-admin.apnic.net
dns.admin@apnic.netdns\admin.apnic.net

Recently, arbitrary characters have been permitted in this field, so '@' can now be used. However, the old format is still used by the majority of hostmasters and it is assumed by many DNS validators.

serial-number
The serial number of the current version of the DNS database for this domain. If a secondary server's number is lower than the number of the primary server, it indicates that the secondary server's records are out of date and that it requires a zone transfer from the primary server.
refresh
This tells a secondary server how often to poll the primary server and check for changes in the serial number field. Measured in seconds.
retry
If a refresh attempt fails, a secondary server will retry after the interval specified in the retry field. Measured in seconds.
expire

If the refresh and retry attempts fail, the secondary server will stop serving the zone after the period specified in the expire field. Measured in seconds.

minimum-ttl
The default TTL (Time To Live) for every record in the zone. The default is only used when a particular resource record does not have its own specified TTL value. When changes are being made to a zone, the default is often set at ten minutes or less.


Example:
28.12.202.in-addr.arpa. IN SOA ns.apnic.net. 
dns-admin.apnic.net. ( 
1999040701 ;Serial number 
10800 ;Refresh 
3600 ;Retry 
604800 ;Expire 
86400) ;Minimum TTL

The ';' character in the example above indicates that the rest of the line is a comment that should be ignored by the nameserver.

Also note the trailing dot ('.') after each record referring to a hostname. Without the dot, the nameserver appends the current zone after the record. For example, ns.apnic.net would be interpreted as ns.apnic.net.28.12.202.in-addr.arpa.


1.2  Nameserver (NS) records

An NS record declares the nameservers that serve a given zone. The NS record takes the format:

Example: 
<domain.name.> IN NS <hostname.domain.name.>
Where:
Field
Description
domain.name

The name of the domain to which the NS belongs. Instead of writing out the full domain, you can also use '@' in the file to let the nameserver fill this out automatically.

Example:
28.12.202.in-addr.arpa
@
[space]
IN
The class of the DNS record. 'IN' is an abbreviated form of 'Internet'.
NS
The type of DNS record, which in this case is 'Name Server'.
hostname.domain.name.
The hostname of an authoritative server.

Example NS record:
IN
NS
ns.apnic.net.
IN
NS
svc00.apnic.net.
IN
NS
ns.telstra.net.
IN
NS
rs.arin.net.


1.3  Pointer (PTR) records

Within the zone, you then need to create domain pointer (PTR) records for each IP address. For the address '202.12.28.131', this would be:

131.28.12.202.in-addr.arpa. IN PTR svc00.apnic.net.

However, as the SOA record for the zone already states the in-addr.arpa domain in full, you do not need to write this out again. Instead, you need only to write the last dotted quad from the address. Therefore, the above PTR entry can also be written as follows:

131 IN PTR svc00.apnic.net.

Once you have created all the relevant PTR records for your in-addr.arpa zone, the next step is to load it onto your nameserver.

Top


2. Nameserver software

There are various implementations of DNS protocols. The most popular is BIND.

Berkeley Internet Name Domain (BIND)

BIND is currently available in two versions: BIND 8 and BIND 9. APNIC recommends that you install BIND 9 as this version has more features and security fixes than BIND 8.

Information is available on the latest version of arrow-blue Bind at ISC Bind

A list of other nameserver software is available at arrow-blue DNS server software

Top


3. Using BIND 9 to set up the primary nameserver for a zone

1.  Add an entry specifying the primary server to the named.conf file using the following format:

zone "<domain-name>" in { 
 type master; 
 file "<path-name>";
};
Where:
Field
Description
domain.name

The name of the domain.

Example:
28.12.202.in-addr.arpa
type master
Defines this nameserver as the primary nameserver for <domain-name>.
path-name

The location of the file that contains the zone records.

The name of the file is entirely arbitrary. What you may choose to name the file has no relationship to the name of the zone which is being made primary.

If you have a large site, consider using the 'include' command to avoid an excessively large named.conf:


2.  Tell the nameserver to read in the new zone file by executing the command:

rndc reconfig

Example primary nameserver: 
zone "28.12.202.in-addr.arpa" in { 
 type master; 
 file "reverse/28.12.202.in-addr.arpa"; 
};

Top


4. Using BIND 9 to set up a secondary nameserver for a zone

1.  Add an entry specifying the secondary server to the named.conf file using the following format:

zone "<domain-name>" type slave; 
 file "path-name";
 masters {
 <ip-address>;
 };
};
Where:
Field
Description
domain.name

The name of the domain.

Example:
28.12.202.in-addr.arpa
type slave
Defines this server as a secondary nameserver.
path-name

The location of the file that contains the zone records.

The name of the file is entirely arbitrary. What you may choose to name the file has no relationship to the name of the zone which is being made secondary.


2.  Tell the nameserver to reconfigure using the command:

rndc reconfig

Example primary nameserver: 
zone "28.12.202.in-addr.arpa" in { type slave;
 file "slave/28.12.202.in-addr.arpa";
 masters {
 203.37.255.97;
 };
};

More information

Back to top of page