
The need for arpa zones in our external DNS

 
Moondoggy

External


Since: Sep 06, 2006
Posts: 4



(Msg. 1) Posted: Fri Oct 27, 2006 11:51 am
Post subject: The need for arpa zones in our external DNS
Archived from groups: microsoft>public>win2000>dns

We just took over the responsibility for the external DNS in our company and
it currently has a number of problems that we are now trying to fix.

One question we have deals with the need for reverse lookup (arpa)
zones. Now we understand that MX records should have a reverse lookup
address so that mail sent from our site can be confirmed as not being spam.
As far as anything else goes I'm confused as to the need. In other words,
does anyone or application need to do a reverse lookup to determine that a
specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

We want to make sure that anything that should have a reverse lookup entry
does and then remove what is not needed.

Herb Martin

External


Since: Nov 03, 2003
Posts: 1314



(Msg. 2) Posted: Fri Oct 27, 2006 8:19 pm
Post subject: Re: The need for arpa zones in our external DNS
Archived from groups: per prev. post

"Moondoggy" <Moondoggy.DeleteThis@discussions.microsoft.com> wrote in message
news:143B9CC0-2E68-4DFD-B8F1-6995264F4818@microsoft.com...
> We just took over the responsibility for the external DNS in our company
> and it currently has a number of problems that we are now trying to fix.

It is generally a poor idea for any but the largest
(internet presence) companies to run their own
EXTERNAL DNS -- best left, or put back, at
the REGISTRAR in almost all cases.

But that doesn't answer your actual questions....

> One question we have deals with the need for reverse lookup (arpa)
> zones.

There is NO (DNS) relationship between your forward
zones and the reverse zones for the address records (PTR).

That relationship is ALL in the minds of us admins.

You will almost never own your "reverse zones" (unless
you own a relatively large block of addresses) and so
you must get the ISP to either update or add these.

Most ISPs just put in generic records for all addresses
today and this generally solves the problem with little
or no maintenance.

In some real sense, the ISPs own the "addresses" and
the corresponding reverse zones.

> Now we understand that MX records should have a reverse lookup
> address so that mail sent from our site can be confirmed as not being
> spam.

Well, so that it won't be so suspicious.

> As far as anything else goes I'm confused as to the need. In other words,
> does anyone or application need to do a reverse lookup to determine that a
> specific IP address points to our FTP server (i.e. FTP1.MyCompany.com)?

Most other applications have no need or use for the
PTR reverse records. (There are exceptions but not
very common ones.)

> We want to make sure that anything that should have a reverse lookup entry
> does and then remove what is not needed.

You will likely have little or no control over the
reverse records and zone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

W C Hull

External


Since: May 20, 2005
Posts: 13



(Msg. 3) Posted: Sun Oct 29, 2006 12:09 pm
Post subject: Re: The need for arpa zones in our external DNS
Archived from groups: per prev. post

I'm interested in this too.

If your company does lease a block of IP addresses from an ISP, specifically
for such things as Mail Exchanger records (MX) and addresses for company
owned web sites, FTP servers etc, my question is.... When is it appropriate
to have the ISP create a reference to the company's own DNS for that block
of addresses and what, besides the reverse lookup record for the MX record,
do you put in the reverse zone for reference? In other words, if you have
the reference from the ISP setup, what should you include and not include in
the reverse zone?
Herb Martin

External


Since: Nov 03, 2003
Posts: 1314



(Msg. 4) Posted: Sun Oct 29, 2006 6:29 pm
Post subject: Re: The need for arpa zones in our external DNS
Archived from groups: per prev. post

"W C Hull" <substitute1stInitial2ndInitialLastName51.RemoveThis@hotmaill.com> wrote in
message news:%23p0kjV4%23GHA.3352@TK2MSFTNGP03.phx.gbl...
> I'm interested in this too.
>
> If your company does lease a block of IP addresses from an ISP,
> specifically for such things as Mail Exchanger records (MX) and addresses
> for company owned web sites, FTP servers etc, my question is.... When is
> it appropriate to have the ISP create a reference to the company's own DNS
> for that block of addresses

Anytime (unless your terms of service specifically
deny you establishing an email server etc.)

It is unreasonable for an ISP to refuse to do this if
you are allowed an SMTP server.

If they were to refuse, I would find a new ISP.

> and what, besides the reverse lookup record for the MX record, do you put
> in the reverse zone for reference?

Practically nothing.

The Reverse zone is technically a DNS zone like
any other so it must have an SOA record (effectively
the 'header' record for the zone) and the NS records
of the DNS servers or any delegated zones but other
than that reverse zones are largely just a bunch of
PTR records.

> In other words, if you have the reference from the ISP setup, what should
> you include and not include in the reverse zone?

Housekeeping (SOA etc) and PTR records.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

W C Hull

External


Since: May 20, 2005
Posts: 13



(Msg. 5) Posted: Sun Oct 29, 2006 7:40 pm
Post subject: Re: The need for arpa zones in our external DNS
Archived from groups: per prev. post

So.....

What I'm hearing is that if your ISP will create a reference to your DNS
server for the static addresses leased, the only real need for a reverse
zone and a PTR record in that zone would be for an MX record. You can have as
many PTR records as addresses but having one for an MX record is somewhat
important, correct?
Herb Martin

External


Since: Nov 03, 2003
Posts: 1314



(Msg. 6) Posted: Sun Oct 29, 2006 8:37 pm
Post subject: Re: The need for arpa zones in our external DNS
Archived from groups: per prev. post

"W C Hull" <substitute1stInitial2ndInitialLastName51 RemoveThis @hotmaill.com> wrote in
message news:eT2MaR8%23GHA.2300@TK2MSFTNGP04.phx.gbl...
> So.....
>
> What I'm hearing is that if your ISP will create a reference to your DNS
> server for the static addresses leased,

And technically the reverse record doesn't have to be
for the name YOU use for the server, only that it exist
and you use this name as the HELO name (SMTP server
reported name) when you configure your SMTP server.

And there should be an A record for that same name
(which might itself not even be in YOUR zone/domain)
which you use for the MX server name (which WILL be
in your zone/domain but can point to a server name
outside.)

Many people incorrectly think the SMTP server has to
use the same name that it uses as a 'regular' (e.g., Windows)
server OR the name of the zone/domain for which it
serves email -- but this is clearly not true since ISPs
frequently use such servers to service hundreds or more
of their customers' email zone/domain names.

> ...the only real need for a reverse zone and a PTR record in that zone
> would be for MX record.

For the name used by the MX record, which can be
set to match whatever the PTR record is already
set (e.g., by the ISP) to be.

> You can have as many PTR records as addresses but having one for an MX
> record is somewhat important, correct?

Yes. Although this is not a required RFC it is common
practice for SMTP server admins to deny email from a
remote SMTP server without such a record, or which
doesn't match the HELO name, or which doesn't have an
A record etc.

These have become de facto rules for public SMTP
(outgoing) servers but not every admin enforces them
to the same level of strictness so newbies who set up
their email servers without such records may spend
a long time trying to figure out why (only) some SMTP
servers refuse the email.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

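The three checks described in Msg. 6 (a PTR record exists, the PTR name has an A record back to the address, and the HELO name matches), as an added example that is not part of the original thread. The records, host names and addresses below are constructed (documentation ranges and `.example` names), and the function names are hypothetical; a real receiver would query DNS instead of these dictionaries.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (not real records).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.isp.example."],        # PTR set by the ISP
    "12.2.0.192.in-addr.arpa": ["ftp1.mycompany.example."],  # PTR with stale forward data
}
A_RECORDS = {
    "mail.isp.example.": ["192.0.2.10"],
    "ftp1.mycompany.example.": ["198.51.100.7"],  # does not point back to 192.0.2.12
}


def fqdn(name):
    """Normalise a host name for comparison: lower case, one trailing dot."""
    return name.rstrip(".").lower() + "."


def failed_checks(ip, helo, ptr=PTR_RECORDS, a=A_RECORDS):
    """Return the set of checks a connecting SMTP server fails.

    'ptr'     : the address has no PTR record at all
    'forward' : no PTR name has an A record resolving back to the address
    'helo'    : the HELO name is not one of the PTR names
    """
    owner = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    names = {fqdn(n) for n in ptr.get(owner, [])}
    if not names:
        # Nothing to confirm against, so the dependent checks fail as well.
        return {"ptr", "forward", "helo"}
    failed = set()
    if not any(ip in a.get(n, []) for n in names):
        failed.add("forward")
    if fqdn(helo) not in names:
        failed.add("helo")
    return failed


def accepts(ip, helo, enforced):
    """True if a receiver enforcing only the checks in `enforced` takes the mail."""
    return not (failed_checks(ip, helo) & set(enforced))


if __name__ == "__main__":
    lenient = {"ptr"}
    strict = {"ptr", "forward", "helo"}
    senders = [
        ("192.0.2.10", "mail.isp.example"),        # HELO set to the ISP's PTR name
        ("192.0.2.10", "mail.mycompany.example"),  # HELO uses the company's own name
        ("192.0.2.12", "ftp1.mycompany.example"),  # PTR exists, A record points elsewhere
        ("192.0.2.13", "mail.mycompany.example"),  # no PTR record
    ]
    for ip, helo in senders:
        print(ip, helo, sorted(failed_checks(ip, helo)),
              "lenient:", accepts(ip, helo, lenient),
              "strict:", accepts(ip, helo, strict))
```

The second sender is the case from the thread: mail goes through to the lenient receiver and is refused by the strict one, and the first sender shows that a PTR name outside the company's own domain passes every check once HELO is set to it.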