Science and Technology : Reverse DNS Lookups!!!

Discussion in 'Science and Technology' started by mazimtaim, Mar 31, 2009.

  1. mazimtaim

    mazimtaim Well-Known Member MEMBER

    Joined:
    Aug 29, 2006
    Messages:
    923
    Likes Received:
    49
    Ratings:
    +50
    If someone can help. . .great. But I mostly just want to vent because I don't know of a way out of this.

    Recently, I upgraded my company's internet connection from 3.0 Mbps to 4.3 Mbps.

    We have 3 T-1s tied together. Well, we use the worst Internet Provider in the world, AT&T Worldnet. These freaks claimed we could not keep our same IP scheme. They forced us to change our external IPs. Well, first they came back with a scheme that only gave us 32 addresses. Originally, we had 64. I screamed bloody murder, so they upgraded us to 128.

    How can you buy a bigger service and get less IPs????

    Anyway, we get the circuit installed after much trouble. I admit to doing some things wrong with my firewall, but after a few hours, I figured out the problems.

    The only thing that is left unresolved is reverse DNS. I wasn't thinking at the time. But AT&T told me that I needed to resolve this issue with my DNS provider, Network Solutions.

    I went to NS. They claimed they could make the entries. And they were so bad they screwed up the DNS entries that I had already that were working fine. Needless to say, we stopped receiving emails. I made the correction and that was resolved. So I went back to NS again, this time, I guess I got someone with some knowledge. She apologized and admitted that NS have the ability or the knowledge to make these entries. I went back to AT&T immediately. Of course, they admitted to lying. The issue is that they want me to give them all of my DNS business just so I can make this stupid little entry for reverse DNS.

    Well, needless to say. . .I'm hot!!!!

    Does anyone know of a way to get a reverse DNS entry on a live DNS server? Is there some public table that I can edit?? I know that AT&T owns the real IP, but all I would need is access to a live DNS box.

    Thanks in advance.
     
  2. Knowledge Seed

    Knowledge Seed Well-Known Member MEMBER

    Joined:
    Feb 22, 2008
    Messages:
    2,747
    Likes Received:
    549
    Gender:
    Male
    Location:
    Atlanta, GA
    Ratings:
    +551
    The only people I know of here on destee who may be able to help you are Bros. Anafrican and ru2religious
     
  3. anAfrican

    anAfrican Well-Known Member MEMBER

    Country:
    United States
    Joined:
    Feb 1, 2005
    Messages:
    3,484
    Likes Received:
    711
    Gender:
    Male
    Occupation:
    The Meek !Shall! Inherit the Earth.
    Location:
    StreetNationEarth: Seattle
    Ratings:
    +745
    DIY and steal their .. er ... save you money!!

    i looked at dns pretty closely some time back and kinda sorta started to make sense of it, but then realized that <whew! thank goodness!!> i didn't have to get all that good with it. however, i do remember reading something about handling reverse look-ups and announcing one's ip space to the net. i also remember that, while one can do one's own dns stuff, one should be sure to have a secondary dns server in case one's primary server goes down.

    but, so as to not have to rely on my memory, here are a few links to, hopefully, relevant info:

    DNS for Rocket Scientists
    wikipedia - Domain Name System
    some mailing lists including BIND-USERS
    Illustrated TCP/IP (pdf)
    "configure reverse dns" google results
    "setting up reverse dns" google results

    if you want to "play" with this stuff in here, it would be some mental exercise that i would enjoy, (brain stretching is always fun!!!!!) and it might be something informative, educational and/or useful to the rest of the Pham. (actually, i've always thought that this (clarity of reverse dns, configuration of zone tables) might have (had) something to do with the "issues" destee.com occasionally experience([d]) with slow/dupe posting, lost/slow email and the occasional timeout getting to the site. but i think the "destee.com tech team" got this all ironed out, eh?)

    (this now concludes the portion of this missive that might contain relevant information. the majority of the rest of this post contains additional venting from the perspective of the author.)

    yeah; money grubbing pseudo-"service providers" suck big time! <grin>

    bandwidth has nothing to do with ip allocation. upgrading the speed of your pipe will not have any effect on the number of ip addresses unless you are moved into another ip "class". (hmmm ... if they can "give" you another 64 ... which sort of ties in with another thought i had: NATting (network address translation) - getting the world to think you have more addresses by appropriately tweaking your firewall. but that would be internal addresses - which is what ties it in: as far as you are concerned, you "got another 64 ip addresses", as far as at&t is concerned, they NATted the space you have and it looks like 64 more - or they may have actually given up 64 more.)

    should be; they just cost you time, and your company the money spent while you went through this, just because they want your dollars. network $olution$ has long been known to be a "bottom feeder". but, they did a bunch of "lobbying" and $tuff and $uch and now we are all stuck with them.

    ("live dns box"?? build your own!) and now we get to the real question. at this point, i'll admit that, except for the initial informational links, i've been doing a bit of venting myself.


    some time back, when i was configuring my firewall to protect my local lan, and at the same time, playing with giving my boxes (varied between 4 and 8) different ip blocks for different things, i found myself having to look into dns and bind. (in fact, somewhere, i've got a copy of "dns and bind" in hardcopy and on disk - finding them would mean digging through a storage locker, tho; sorry.)

    if memory serves, you have been playing with the appropriate table; your dns tables. the trick would be to get your tables to propagate past at&t/ns to the internet's root servers. in fact, you could set up your stuff to state that you are the "authoritative" source for your site. figure out who at&t/ns sends their zone tables up to and send a set of your own.

    then too, memory could be playing me false and i've been talking out of my "back pockets".

    if naught else, pull out your copy of "dns and bind" (you do have one, don't you? quick; run get one! read/study/memorize it!!) and learn how to know what is going on with that stuff. sure, there are folks that will provide this service "for you", but as you've found, there is always an extra price that has nothing to do with performing the service. and, as you've found, they'll sometimes, "accidentally", of course, break things enough that they'll have to charge you to fix it ... or give you a bit more of what you have already paid for!!
     
  4. mazimtaim



    Okay. I will look at some of these sites. EasyDNS looks like it might be a help. But I think in the end, I am stuck with AT&T because they "own" the IPs. The issue is that when you do a search on 12.235.63.x, it comes up as AT&T. That is because of an entry on their reverse DNS table. I don't think I can go to another server and make the edit because in reality, we don't own the address, we are merely leasing it.

    As for number of IPs, this is a customer service issue. I am responsible for several networks. On this one, the largest one, I have services that I provide to the internet. I have websites, I have mail servers, I have vpn concentrators, etc., etc.

    I have live IPs that are assigned to services here. You can't give me an "upgrade" then cut the number of live IPs in half. What about my NAT pool? Surely, I can use PAT for basic stuff. But my users use more than just web access. We have users that use FTP, SMTP (for spamming purposes) etc, going out to the net. PAT can't address all of that.

    So while the number of IPs vary from network to network, you cannot as a service provider take away IPs from your client and. . .stay in business.

    But building a new DNS won't help me. Not for as long as the IPs are owned by AT&T. I don't know if it is possible to purchase real IPs, but if it is, I am quite sure it isn't a cost-effective solution.

    Anyway, I will check some of the sites to see if we can get around the issue.



     
  5. mazimtaim

    Solutions!!!

    It is absolute *********. But I am going with it. I am going to give them a piece of crap domain name. Then I am going to get access to their DNS table and edit an entry for it.

    One thing I left out is the reason why we need reverse DNS. We need it because of all this new garbage about spamming rules. Since there are so many organizations out there trying to rid the email industry of spam (impossible I might add). One requirement many organizations have is that any IP sending email must have a reverse DNS entry.

    So, I am going to make an entry. It just won't be for our domain.


    LOLx10!!!!


    The IP will respond with a name from a resource in a different domain. Since I don't care that anyone knows about our domain or the bogus one that I will use, it doesn't matter. They have their issue resolved, where they see a domain name when they look up my IP. And I have my issue resolved. . .I can send them email.

    Thanks AA!!!

    "Black" folks worked it out. We are some smart mugs up in here!!!
     
  6. anAfrican

    read, study, memorize, get the revision(s) and repeat any of these resources. a good few of them should already be somewhere in your office/lab/shop.

    in addition to the tables that at&t and network solutions use, build your own zone configuration files and have them update [a/b/c/d/e/etc].rootserver.com. i look at it like "suspenders and belt": sure, they have this stuff all set up, since they are (presumably) providing you with dns services, but i don't think it ever hurts to have your own backups of this sort of stuff.

    "ftp, smtp, etc", and everything else, all use ports; why wouldn't Port Address Translation, or Network Address Translation, handle whatever service any users of the internet need to use?

    why not? it appears to be the current "business model"; cut services, raise prices and sue anyone that dares to complain. of course, the more proactive businesses will do all $ort$ of heavy lobbying to en$ure that their bu$ine$$ model is immune to complaints from their customers.

    generating your own in-house dns tables would be merely back-up/insurance to ensure that your company is always able to provide your customers with uninterrupted service regardless of what your "suppliers" try to pull on you.

    i'm not sure that you could actually "build a new dns", but you can tell the current domain name system which machines are "responsible" for providing services at which addresses.

    i'm also not sure that it much matters who owns the ip addresses; you are leasing a block of address space and i'd think you'd have the right to ensure that your customers are getting the paid for services by making sure that dns lookups and reverse dns lookups work like they are supposed to.

    (glad to see that you worked it out. i guess a cobbled together solution is better than no solution. i hope it works out. but why not be sure that your zone configuration files are available to the internet root servers?)
     
  7. mazimtaim

    mazimtaim Well-Known Member MEMBER

    Oh, AA, I have my own internal DNS. Always have. But that isn't the problem. No one sees my internal DNS other than the computers on my network. I don't need an external DNS server. I don't need all the hassle that comes with getting a DNS server registered and being updated, while updating others.

    And understand, AT&T isn't providing me anything. All they are giving me is internet access and like with any provider, they let me use their DNS to resolve going out to the net. My DNS is provided by Network Solutions. They do not support reverse lookup. They don't lease IPs. . .that's why.

    AT&T is in the IP leasing business. If you look up 12.235.63.98. . .you will see it is owned by AT&T. But it is in the block that I have assigned to my company.

    Port Address Translation is simply taking the 64,000 ports in the IP suite under a given IP address and using them all for web surfing. Sure, most users only want to surf the web. The problem is that we have folks that do other things. We run into problems with sessions being disconnected or not being able to launch at all. You know this, I know you have tried to launch two VPN sessions from a DSL or cable line before, right? You can't do it. The second session disconnects. With a T-1 line and a NAT pool set up most users get a real IP and access to all of the ports available under a real IP.

    As for my IP pool. . AA, I will assure you, they provided me with 128 addresses after I kicked the crap out of their customer service department. You can't do that AA, you can't. I need to provide services to my users. If AT&T can't help me, I can always find someone that will. So that wasn't a problem. They gave me twice the number of addresses I had before.

    As for a backup plan. Again, we have internal DNS. I am not sure why we are going down this road. I am not concerned with DNS. I am concerned with Reverse DNS. I need resolution when I look up an IP. Not when I look up a domain name.

    I don't know why you can't see why IP ownership is a big issue. If you own a domain. . .that's a big issue. You can edit it any way you like. The same goes for owning an IP. There are tables that point to domains. AT&T owns the IP and has a reverse dns with that IP listed. It points to AT&T.

    It doesn't matter. I found a way around this crap. I will give them a domain. Any piece of crap domain will do. Then I will access their table and create a pointer record that reads 12.235.63.whatever = mail.doodoo.com

    And that will take care of the issue.
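
An added example, not part of any post in this thread: the reverse-lookup check the thread describes, extended to the forward-confirmed variant (the PTR name must resolve back to the sending IP) that some receiving mail servers also apply. The records are constructed sample data built from the address and host name quoted above, and `lookup` and `check_sender` are hypothetical names.

```python
import ipaddress

# Constructed records standing in for live DNS (assumption, not real lookups).
# PTR data lives in the address holder's in-addr.arpa zone; A data lives in
# the zone of whoever controls the host name.
SAMPLE_ZONE = {
    ("98.63.235.12.in-addr.arpa", "PTR"): ["mail.doodoo.com."],
    ("mail.doodoo.com", "A"): ["12.235.63.98"],
    ("99.63.235.12.in-addr.arpa", "PTR"): ["mail.doodoo.com."],  # PTR only
}


def lookup(zone, name, rtype):
    """Return the records for name/rtype from the in-memory zone."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def check_sender(ip, zone):
    """Classify a sending IP the way a receiving mail server might.

    Returns 'no-ptr', 'ptr-only' or 'forward-confirmed'.
    """
    addr = ipaddress.ip_address(ip)
    # 12.235.63.98 -> 98.63.235.12.in-addr.arpa
    ptr_names = lookup(zone, addr.reverse_pointer, "PTR")
    if not ptr_names:
        return "no-ptr"
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in ptr_names:
        # The forward record must list the same address the PTR was found for.
        forward = lookup(zone, name, rtype)
        if any(ipaddress.ip_address(a) == addr for a in forward):
            return "forward-confirmed"
    return "ptr-only"
```

A PTR that names a host in an unrelated domain still passes the basic "has reverse DNS" test; it only reaches `forward-confirmed` when that host's own A record points back at the same address.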





     