Reverse DNS

How do I set up reverse DNS?

If you are hosting your own Email server on a static IP address, you can use Dyn to host its reverse DNS records. (If you are using a dynamic IP address or do not have an Email server, please see our Dyn Standard SMTP service.)

Before you begin, please note that reverse DNS naming conventions can vary widely between ISPs. As long as your reverse DNS zone at Dyn matches your ISP’s delegation, your reverse resolution will work correctly. However, please note that Dyn Standard DNS zones cannot contain slashes (/); your ISP must use dashes (-) instead.

There are two general formats for reverse DNS. Your Dyn Standard DNS zone will need to conform to whichever format your ISP chooses:

Standard format: For an IP block beginning at A.B.C.D /X, the reverse DNS zone should be D.C.B.A.in-addr.arpa. This is the format discussed in this guide.
Old format: For an IP block beginning at A.B.C.D /X, the reverse DNS zone would be D-X.C.B.A.in-addr.arpa. This is the format still used by some ISPs, and usually contains a slash (D/X.C.B.A.in-addr.arpa), which must be replaced with a dash.

Please follow the instructions which best describe your needs:

I have a very small number of IPs. (PTR in a forward zone)

Most customers only need reverse DNS for one or two IP addresses, since reverse DNS is mostly used for outgoing Email servers. In this case, it is easiest to simply have your ISP create the necessary records on their side.

If you are still interested in delegating these addresses to us, you can create the PTR records in your domain’s existing DNS zone. Your ISP will need to create CNAME records on their side which correspond to the PTR records. For example, let’s assume you have a DNS zone for domain.com and wish to delegate two IP addresses to it: 1.2.3.4 (mail.yourdomain.com) and 1.2.3.5 (smtp.yourdomain.com). There are two steps:

Ask your ISP to create CNAME records pointing to PTR records in your DNS zone, one for each IP address, following this format:
```
4.3.2.1.in-addr.arpa	86400	IN	CNAME	4.rev.yourdomain.com
5.3.2.1.in-addr.arpa	86400	IN	CNAME	5.rev.yourdomain.com
```
In your DNS zone for yourdomain.com, create corresponding PTR records for each address:
- Host: 4.rev
- TTL: 43200
- Type: PTR
- Data: mail.yourdomain.com
- Host: 5.rev
- TTL: 43200
- Type: PTR
- Data: smtp.yourdomain.com

Requests for these individual IP addresses will be answered by the PTR records in your domain’s Dyn Standard DNS zone.

I have smaller block than /24, such as /28. (Classless IN-ADDR.ARPA delegation)

This is the most common type of reverse DNS delegation, and requires a separate Dyn Standard DNS zone. For example, let’s assume you have a /28 block of IP addresses beginning at the address 1.2.3.4. There are four steps to delegating this block to us:

Create a DNS zone for 4.3.2.1.in-addr.arpa. (Remember, the reverse of a given IP address A.B.C.D is served from the zone D.C.B.A.in-addr.arpa.) This is where you will create the PTR records for your addresses.

Ask your ISP to create the following NS (NameServer) records, which will be used to delegate the reverse DNS queries for your IP block to Dyn:

4.3.2.1.in-addr.arpa	86400	IN	NS	ns1.mydyndns.org
4.3.2.1.in-addr.arpa	86400	IN	NS	ns2.mydyndns.org
4.3.2.1.in-addr.arpa	86400	IN	NS	ns3.mydyndns.org
4.3.2.1.in-addr.arpa	86400	IN	NS	ns4.mydyndns.org
4.3.2.1.in-addr.arpa	86400	IN	NS	ns5.mydyndns.org

Ask your ISP to also create the following CNAME records, one for each IP address in your block. This will map the individual addresses to your entries in Dyn Standard DNS.
```
4.3.2.1.in-addr.arpa	86400	IN	CNAME	4.4.3.2.1.in-addr.arpa
5.3.2.1.in-addr.arpa	86400	IN	CNAME	5.4.3.2.1.in-addr.arpa
6.3.2.1.in-addr.arpa	86400	IN	CNAME	6.4.3.2.1.in-addr.arpa
...
19.3.2.1.in-addr.arpa	86400	IN	CNAME	19.4.3.2.1.in-addr.arpa
```
You can use our Classless IN-ADDR.ARPA calculator to print the full list of records, which makes it easy for customers to provide the correct information to their ISP.
In your DNS zone for 4.3.2.1.in-addr.arpa, create a PTR record for each desired address like so:
- Host: 4
- TTL: 43200
- Type: PTR
- Data: mail.yourdomain.com

Queries for your IP block will be answered directly by the new DNS zone.

I have a full /24. (Full reverse IN-ADDR.ARPA zone)

This type of delegation is the easiest, and requires a separate DNS zone. (Please note that Dyn Standard DNS has a 75-record limit; if you need reverse DNS for more than 75 IP addresses in your block, please contact our support team for more information.)

For example, let’s assume you have a full /24 block beginning at 1.2.3.0. There are three steps:

Create a DNS zone for 3.2.1.in-addr.arpa. This is where you will create the PTR records for your addresses.

Ask your ISP to create the following NS (NameServer) records, which will be used to delegate reverse DNS queries for your IP block to Dyn:

3.2.1.in-addr.arpa	86400	IN	NS	ns1.mydyndns.org
3.2.1.in-addr.arpa	86400	IN	NS	ns2.mydyndns.org
3.2.1.in-addr.arpa	86400	IN	NS	ns3.mydyndns.org
3.2.1.in-addr.arpa	86400	IN	NS	ns4.mydyndns.org
3.2.1.in-addr.arpa	86400	IN	NS	ns5.mydyndns.org

In your Dyn Standard DNS for 3.2.1.in-addr.arpa, create a PTR record for each desired address like so:
- Host: 4
- TTL: 43200
- Type: PTR
- Data: mail.yourdomain.com

Queries for your IP block will be answered directly by the new DNS zone.

Testing your delegation

The best way to test your reverse DNS configuration is using the command dig -x ipaddr +trace, where ipaddr is a sample IP address in your block. (dig is a DNS lookup utility in Mac and Linux, with a Windows version available here.) The +trace parameter will show the whole delegation chain; if configured correctly, you will see our response with your PTR record at the end. If something is misconfigured, you will be able to see your ISP’s configuration and where the problem lies. If you get stuck, you can contact support for assistance.

Classless IN-ADDR.ARPA Calculator

For customers with blocks smaller than /24, this very simple calculator will generate a list of records to provide to your ISP. Please double-check the output to make sure it properly matches your actual IP address allocation.