Reverse DNS does not function properly on CF's free plan

Hi, I have noticed that reverse DNS (using PTR records) does not seem to work, or returns a different hostname than expected. However, when testing with someone who had a paid plan, their reverse DNS is working properly, and I can recreate the issue with a new free-plan site. Can CF please take a look at this issue?

Hm, may I ask if the hostname is proxied :orange: or unproxied :grey: (DNS-only) at the DNS tab of Cloudflare dashboard for your domain name? :thinking:

It is unproxied.

Reverse DNS is controlled by the party who has been allocated the IP address from the RIR (Regional Internet Registry). In the case of an :grey: unproxied record, the reverse DNS would typically reside in a zone that is delegated to the ISP or hosting provider. Cloudflare will not have any ability to affect such records.

2 Likes

I worked on this issue with @thexkey over Discord.

Here is a screenshot of their DNS records:

Note: we did also try 198.96.0.167.in-addr.arpa for the PTR Content.

When using Reverse IP Lookup - Reverse DNS Lookup we get a result of

image

I tested with my ENT account
I have a DNS record of


As well as a :orange: CNAME record for tor-exit

Using the same checker, I get a result of:
image

This result is correct

The user is using the server as an email server, so they need the :grey: record. I’m wondering if this is not possible and calling on my fellow @MVP as this has stumped me.

1 Like

Hey guys, setting the reverse DNS for an IP address requires that the IP address be dedicated to the user and as such is not a feasible free service to offer (at least for IPv4). This is only a feature for Cloudflare enterprise customers that bring their own IP space (such as @Cyb3r-Jak3's example that uses IP space from FranTech Solutions instead of Cloudflare).

Perhaps the confusion here is that there can also be PTR DNS records for domains. For instance, the screenshot of @thexkey's DNS records is a record for mail.<thexkey.tld> with the value 198.96.0.167.in-addr.arpa whereas @Cyb3r-Jak3's DNS record is a record for 198.98.50.199.in-addr.arpa with the value tor-exit.jwhite.network. One is a PTR record in a domain zone, the other is a pointer record in the special in-addr.arpa zone specifically for reverse DNS. Hopefully this clears things up.

To change the reverse DNS for the IP in the screenshot, you need to arrange it with the provider that is hosting that mail server. They are the only ones that have the authority to change the reverse DNS for that IP address.

1 Like

Yeah, this is just not possible. Creating a reverse DNS entry for an IP address you don’t own is just like creating an A record in a domain you don’t own. You’re free to do it on your nameserver, but no one is going to actually see the record.

You need to have an IP block that you own, and have its reverse DNS delegated to the nameservers you’re going to be using, and that’s an Enterprise feature.

1 Like

Oh. Well, that was a disappointment. How much would Enterprise cost for a small site that gets around 50 page visits daily?

A lot more than it would cost to get whoever owns the reverse zone to set the DNS entry for you.

Why do you think you need this?

1 Like

I’m trying to set up a self-hosted email server on the cloud, however some email servers will reject our servers since they do not have a reverse DNS hostname, even though we have DKIM and other DNS-related security settings set up already.

Most hosts and cloud providers let you set the reverse DNS for an IP address for free. In fact other IP addresses in the same netblock from your provider have reverse DNS set. Even with the enterprise plan, it will not allow you to change the reverse DNS of your current mail server IP. Screenshot of other reverse DNS entries in your block for reference.

image

2 Likes

Yes, that’s a very good reason to want reverse DNS, but there’s no reason you have to do it yourself. Whatever provider you use should have this feature.

The provider I use for VPSs (Panix) has a thing in their web UI where you can set the reverse DNS for any IPs assigned to you. I’m almost positive Linode has this too, but I don’t have anything spun up there at the moment to look. Basically, whoever you’re getting service from will do this for you.

This. Usually I set PTR with my Web host provider even for domains on Cloudflare regardless of plan used.

1 Like

The last time I thought about reverse DNS or in-addr.arpa was when I worked someplace where I was responsible for an IP block. Basically nobody looking for advice on this forum needs to worry about it. That’s why it’s an Enterprise feature–those are the only people who need it, and there are costs involved in offering it.

Your mail server can get reverse DNS for free, anywhere that will let you run a mail server.

2 Likes
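
Added example (not part of any post in this thread, and not Cloudflare's code): a Python sketch of the two checks the thread turns on, namely whether a PTR record sits in the reverse tree at all, and the forward-confirmed reverse DNS test that receiving mail servers commonly apply. It goes slightly beyond the thread by covering IPv6 names; the function names, the `192.0.2.10` address and `mail.example.com` are constructed for illustration.

```python
import ipaddress
import socket

ARPA = (".in-addr.arpa", ".ip6.arpa")

def reverse_name(ip):
    """Owner name of the PTR record that serves as reverse DNS for ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def classify_ptr(owner, content):
    """Classify a PTR record by where it lives (owner) and what it points at."""
    owner, content = owner.rstrip(".").lower(), content.rstrip(".").lower()
    if owner.endswith(ARPA):
        return "reverse-zone"   # seen by resolvers only if that zone is delegated to you
    if content.endswith(ARPA):
        return "inverted"       # hostname -> arpa name: never consulted for reverse lookups
    return "domain-zone"

def _ptr_lookup(ip):
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:             # herror/gaierror: no PTR or lookup failure
        return []

def _addr_lookup(host):
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=_ptr_lookup, addr_lookup=_addr_lookup):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if any(ipaddress.ip_address(a) == want for a in addr_lookup(name)):
            return ("pass", name)
    return ("mismatch", names[0])

if __name__ == "__main__":
    # Constructed sample data (documentation address space), resolved offline.
    ptrs = {"192.0.2.10": ["mail.example.com"]}
    fwd = {"mail.example.com": {"192.0.2.10"}}
    print(reverse_name("192.0.2.10"))
    print(classify_ptr("mail.example.com", "10.2.0.192.in-addr.arpa"))
    print(fcrdns("192.0.2.10", lambda i: ptrs.get(i, []), lambda h: fwd.get(h, set())))
```

Called without the stub resolvers, `fcrdns("<your mail server IP>")` uses the system resolver, so it reports what the hosting provider's reverse zone actually publishes.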
