Blog IndexPosts by TagHome

Automatic reverse DNS zonefile generation

Posted <2017-08-16 Wed 16:25> by Aaron S. Jackson.

My home network is a bit excessive, which is just the way I like it. The server (escher) which hosts this website also handles the authoritative DNS for my domains, as well as recursive DNS for the local networks. All of the machines on the network have an entry under rhwyd.co.uk. Machines which don't need a public address have a private address (and access the internet through NAT) and their hostname in this zonefile is appended with ".nat". For example: decbert.nat.rhwyd.co.uk.. Since escher is the primary DNS server for the machines on the network, there is also a reverse DNS zonefile. After a while of trying to keep these two files up to date, I gave up and wrote this script:

serial=$(date +%Y%m%d%H)
cat  > 1.168.192.in-addr.arpa.zone <<EOF
\$TTL 60
@       IN      SOA escher.rhwyd.co.uk. aaron.aaronsplace.co.uk. (
        $serial ;; serial
        1200    ;; refresh
        120     ;; retry
        1209600 ;; expire
        60      ;; neg
)

@   IN NS  escher.rhwyd.co.uk.
EOF

grep 192.168.1 rhwyd.co.uk.zone \
    | awk '{ split($4,ip,".");
             split($0,comment,";;");
             printf("%-3s IN PTR %-30s ;; %s\n", ip[4], $1".rhwyd.co.uk", comment[2])
           }' \
          >> 1.168.192.in-addr.arpa.zone

The entries in rhwyd.co.uk.zone typically look like this:

skippy.nat       IN  A  192.168.1.144  ;; asj HP 712/60
... <snip> ...
surface.nat      IN  A  192.168.1.100  ;; tld Surface
... <snip> ...
dhcp-1-64.nat    IN  A  192.168.1.64   ;; dhcp
dhcp-1-63.nat    IN  A  192.168.1.63   ;; dhcp
dhcp-1-62.nat    IN  A  192.168.1.62   ;; dhcp

And so, the script will generate the reverse zone:

144 IN PTR skippy.nat.rhwyd.co.uk         ;;  asj HP 712/60
... <snip> ...
100 IN PTR surface.nat.rhwyd.co.uk        ;;  tld Surface
... <snip> ...
64  IN PTR dhcp-1-64.nat.rhwyd.co.uk      ;;  dhcp
63  IN PTR dhcp-1-63.nat.rhwyd.co.uk      ;;  dhcp
62  IN PTR dhcp-1-62.nat.rhwyd.co.uk      ;;  dhcp

While on the topic of reverse DNS, I might as well have a small rant about Zen and their refusal to delegate reverse DNS for their customers' subnets. Zen route to us a public 29 subnet, which is great for remotely accessing specific machines remotely. While it is not possible to correctly delegate reverse DNS for subnets which aren't Class A, B or C, it is still possible.

There are two ways of doing this, and Andrews & Arnold ISP (being the excellent ISP they are) give you the option to do so. The first is to delegate each full address to another name server. I do this for the AAISP data SIM which is in my laptop. To get this working, you simply add a PTR record for @, pointing to the correct hostname.

The second approach, which is preferable if you have more than one address, is to add a CNAME record for each address pointing to a single zone. In that zone, following an agreed format, you can define a PTR record pointing to the hostname. This works because reverse DNS will follow the same rules of normal lookup, following name server delegations and CNAMES. See RFC 2317 for more information.

Why Zen won't do this is beyond me, and quite annoying, since I have to log into their slow website and update each record separately if I make a change to those records under the rhwyd.co.uk zone.

Related posts:

Tags: networking

Blog IndexPosts by TagHome

Copyright 2007-2017 Aaron S. Jackson (modified: Wed 16 Aug 23:44:53 BST 2017)