Our reverse DNS Zone (for PTR record) is not yet activated

adit · June 13, 2023, 9:37am

Hi All,

We have set up a Reverse DNS zone at cloudflare as “30.255.103.in-addr.arpa”.

Then point Cloudflare’s given NS at our domain registrar’s portal.

Normally, it populates instantly or within 24 hours. But, after three-four days, still we couldn’t
see it populated yet.

Could you please help us as soon as possible?

Note:

We own our public IP block, don’t use any ISP provided IP.
We use Cloudflare as our primary DNS server.

DarkDeviL · June 13, 2023, 10:56am

According to APNIC, that specific Reverse DNS (arpa) zone is currently assigned to:

ns1.ssf.gov.bd
ns2.ssf.gov.bd

which was last modified on 2013-12-20.

adit · June 14, 2023, 4:53pm

Thanks for the reply. 

Please see the DIG trace both for Forward DNS Zone & Reverse DNS Zone
==========================================================
Forward DNS Zone of domain ssf.gov.bd:
--------------------------------------------------------
dig NS +noadditional +noquestion +nocomments +nocmd +nostats +trace ssf.gov.bd. @8.8.8.8

.			375	IN	NS	a.root-servers.net.
.			375	IN	NS	b.root-servers.net.
.			375	IN	NS	c.root-servers.net.
.			375	IN	NS	d.root-servers.net.
.			375	IN	NS	e.root-servers.net.
.			375	IN	NS	f.root-servers.net.
.			375	IN	NS	g.root-servers.net.
.			375	IN	NS	h.root-servers.net.
.			375	IN	NS	i.root-servers.net.
.			375	IN	NS	j.root-servers.net.
.			375	IN	NS	k.root-servers.net.
.			375	IN	NS	l.root-servers.net.
.			375	IN	NS	m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 37 ms

bd.			172800	IN	NS	dns.bd.
bd.			172800	IN	NS	surma.btcl.net.bd.
bd.			172800	IN	NS	bd-ns.anycast.pch.net.
bd.			172800	IN	NS	jamuna.btcl.net.bd.
;; Received 311 bytes from 192.112.36.4#53(192.112.36.4) in 21 ms

ssf.gov.bd.		86400	IN	NS	chan.ns.cloudflare.com.
ssf.gov.bd.		86400	IN	NS	james.ns.cloudflare.com.
;; Received 84 bytes from 204.61.216.108#53(204.61.216.108) in 26 ms

ssf.gov.bd.		86400	IN	NS	chan.ns.cloudflare.com.
ssf.gov.bd.		86400	IN	NS	james.ns.cloudflare.com.
;; Received 84 bytes from 108.162.193.178#53(108.162.193.178) in 1 ms


Reverse DNS Zone of domain ssf.gov.bd is:
----------------------------------------------------------
dig NS +noadditional +noquestion +nocomments +nocmd +nostats +trace 30.255.103.in-addr.arpa. @8.8.8.8
.			84305	IN	NS	a.root-servers.net.
.			84305	IN	NS	b.root-servers.net.
.			84305	IN	NS	c.root-servers.net.
.			84305	IN	NS	d.root-servers.net.
.			84305	IN	NS	e.root-servers.net.
.			84305	IN	NS	f.root-servers.net.
.			84305	IN	NS	g.root-servers.net.
.			84305	IN	NS	h.root-servers.net.
.			84305	IN	NS	i.root-servers.net.
.			84305	IN	NS	j.root-servers.net.
.			84305	IN	NS	k.root-servers.net.
.			84305	IN	NS	l.root-servers.net.
.			84305	IN	NS	m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 38 ms

in-addr.arpa.		172800	IN	NS	c.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	a.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	b.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	f.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	e.in-addr-servers.arpa.
in-addr.arpa.		172800	IN	NS	d.in-addr-servers.arpa.
;; Received 433 bytes from 192.112.36.4#53(192.112.36.4) in 28 ms

103.in-addr.arpa.	86400	IN	NS	ns2.apnic.net.
103.in-addr.arpa.	86400	IN	NS	ns3.lacnic.net.
103.in-addr.arpa.	86400	IN	NS	apnic.authdns.ripe.net.
103.in-addr.arpa.	86400	IN	NS	rirns.arin.net.
;; Received 151 bytes from 193.0.9.1#53(193.0.9.1) in 125 ms

30.255.103.in-addr.arpa. 86400	IN	NS	ns2.ssf.gov.bd.
30.255.103.in-addr.arpa. 86400	IN	NS	ns1.ssf.gov.bd.
;; Received 87 bytes from 203.119.95.53#53(203.119.95.53) in 787 ms

;; connection timed out; no servers could be reached
==========================================

We have purchased our domain from BTCL registrar from Bangladesh & IP from APNIC with our own ASN.

Now, please guide, what should we do to have a proper reverse DNS zone with this IP block?

DarkDeviL · June 15, 2023, 1:24am

The dig trace output that you provided, e.g. namely this latter part:

adit:

103.in-addr.arpa.	86400	IN	NS	ns2.apnic.net.
103.in-addr.arpa.	86400	IN	NS	ns3.lacnic.net.
103.in-addr.arpa.	86400	IN	NS	apnic.authdns.ripe.net.
103.in-addr.arpa.	86400	IN	NS	rirns.arin.net.
;; Received 151 bytes from 193.0.9.1#53(193.0.9.1) in 125 ms

30.255.103.in-addr.arpa. 86400	IN	NS	ns2.ssf.gov.bd.
30.255.103.in-addr.arpa. 86400	IN	NS	ns1.ssf.gov.bd.
;; Received 87 bytes from 203.119.95.53#53(203.119.95.53) in 787 ms

;; connection timed out; no servers could be reached
==========================================

indicate the exact same as I said above.

The 30.255.103.in-addr.arpa Reverse DNS (arpa) zone is from APNIC pointed to the two name servers:

ns1.ssf.gov.bd
ns2.ssf.gov.bd

From here, ns1.ssf.gov.bd points to one IPv4 address alone, but that specific IPv4 address does not respond to DNS queries for the 30.255.103.in-addr.arpa zone.

A DNS query for ns2.ssf.gov.bd returns status code 3 (NXDOMAIN), and does not point to any IP addresses at all.

So none of the name servers that the Reverse DNS (arpa) zone has been delegated to are actually reachable, which is why you end up with the latest part of “;; connection timed out; no servers could be reached”.

Since the IP block comes from APNIC, you would have to contact APNIC (and/or use their documentation) to have the delegation of the 30.255.103.in-addr.arpa Reverse DNS (arpa) zone moved to the correct name servers that you intend to use for that Reverse DNS (arpa) zone.

→ Reverse DNS delegation – APNIC

The delegation that you need to get updated through APNIC, is the “domain:” object shown here:

→ APNIC Whois Search for “30.255.103.in-addr.arpa”

system · June 30, 2023, 1:25am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.