Cloudflare PTR Records

Hi,

We have created an LIR on RIPE and own our /24 IP address. While we were using the ISP's IP addresses, they were defining our PTR records. Now with our own IP address we need to handle this process. I need to create a domain object on RIPE. When I define our Cloudflare server as an NS it gives an unauthorized error. How can I create a DNS zone and PTR records on Cloudflare?

Thanks

That’s a new one to me. While there’s usually nothing stopping you from creating NS records in DNS here, that’s for delegating away subdomains.

Maybe @thedaveCA knows how this would work with a Cloudflare domain. @michael might also have some ideas.

1 Like

Apparently in-addr.arpa and ip6.arpa zones are only allowed on Enterprise plans. My testing of it in the past was successful on free accounts, but that seems to have changed.

You need to add a new zone to your Cloudflare account for your reverse delegation. The zone name for a prefix a.b.c.d/24 will be c.b.a.in-addr.arpa. For v6 reverse delegations you need something similar, with the nibbles going backwards, so 2001:DB8:: would be a zone called 8.b.d.1.0.0.2.ip6.arpa. You then need to log in to your RIPE account and change your domain object to set the nserver attributes to be the nameservers Cloudflare requests.

Reverse zones in Cloudflare do some strange things. I have a website with a valid Universal SSL certificate on some of my reverse zones, and some will not activate a certificate at all. You should only really be using reverse zones for PTR DNS records, so it should not be an issue.

3 Likes
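The zone-naming rule described in the reply above, as an added example that is not part of any post in this thread: it derives the reverse zone for a delegated prefix with Python's standard `ipaddress` module and builds the PTR line for one address inside it. The function names are hypothetical, the addresses are documentation ranges, the hostname is constructed, and the IPv6 case assumes a /32, which yields eight nibble labels.

```python
import ipaddress

def reverse_zone(prefix: str) -> str:
    """Return the in-addr.arpa / ip6.arpa zone name for a delegated prefix."""
    net = ipaddress.ip_network(prefix, strict=True)   # rejects prefixes with host bits set
    step = 8 if net.version == 4 else 4               # one DNS label per octet (v4) or nibble (v6)
    if net.prefixlen == 0 or net.prefixlen % step:
        # e.g. a /25 cannot be a zone of its own; it needs RFC 2317 classless delegation
        raise ValueError(f"{prefix}: prefix length is not on a {step}-bit label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    keep = net.prefixlen // step + 2                  # network labels + "in-addr"/"ip6" + "arpa"
    return ".".join(labels[-keep:])

def ptr_record(ip: str, prefix: str, hostname: str) -> str:
    """Zone-file line for one address, with the owner name relative to the zone."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(prefix):
        raise ValueError(f"{ip} is outside {prefix}")
    zone = reverse_zone(prefix)
    owner = addr.reverse_pointer[: -len(zone) - 1]    # strip ".<zone>" from the full name
    return f"{owner} IN PTR {hostname.rstrip('.')}."

if __name__ == "__main__":
    # Constructed sample values (documentation prefixes, made-up hostname).
    for pfx in ("192.0.2.0/24", "2001:db8::/32"):
        print(pfx, "->", reverse_zone(pfx))
    print(ptr_record("192.0.2.25", "192.0.2.0/24", "mail.example.net"))
```
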

As far as I know, Michael is correct, these zones are an enterprise feature. I don’t have any of my own IP space, and the subnets I do control are on providers that have their own rDNS capabilities, so I’ve never bothered to delegate to myself as I make updates so rarely that it just doesn’t matter.

If you need a quick/free alternative, he.net does offer free in-addr.arpa and ip6.arpa zones, within the limitations of their free service.

1 Like

Thank you all for your responses and sorry for my late response. I have asked the Cloudflare team about licensing and am waiting for their reply. I have also found on the support page that PTR is not supported on Cloudflare.

"For proxied domains, Cloudflare responds to DNS queries with its own shared, dynamic IP addresses. Therefore, PTR records cannot be added to Cloudflare.

The PTR record option shown in the DNS Records dropdown is not for adding PTR records for Reverse DNS resolution. It is instead for adding a PTR Record to the Forward DNS resolution for the domain. PTR in Forward DNS is allowed under the DNS specification.

The main reason to have a PTR record is to prevent emails from ending up in spam folders. Since Cloudflare doesn’t support email traffic by default, you would instead need to set the PTR record where your email server is located. Please reach out to your email provider for assistance."

This is referring to a user asking Cloudflare to add a PTR for one of their own reverse zones. As it’s a shared infrastructure, that would not make sense. With your own delegation and an Enterprise plan you can use CF for reverse DNS. I use CF for mine, mainly to populate trace routes and security tools with useful information.

I know there is an RFC to use PTRs for service discovery, but have no idea if it is used in the real world.

If so, I’ve not seen it. I’d love to see any examples, if this is being used in the real world in this way.
