NS1 status

Articles in this section

See more

Configuring reverse lookup zones

  • Updated
Follow

A reverse DNS lookup (or resolution) is a querying technique in which an IP is used to determine the corresponding domain. In this case, you create a DNS zone that, when queried, will return the FQDN for a specified IP address. This is opposite to the more typical forward DNS lookup in which a domain name is used to determine the corresponding IP. You can create "reverse zones" in the NS1 platform to facilitate reverse lookups for IPv4 and IPv6 subnets.

Follow the instructions below to create a reverse zone in the NS1 portal.

Step 1: Create a reverse zone

  1. Log into the NS1 portal and navigate to DNS > Zones.

    screenshot-zones_page_header.png

  2. Click the + button to create a new zone.

    Screenshot - Add zone modal (May 2022)

  3. In the Domain name field, enter the FQDN for the reverse zone, considering the following examples:

    • For IPv4 subnets, the format to use in the domain name field is <reverseIP>.in-addr.arpa where you invert the IPv4 address, removing the netmask. For example, if the IPv4 subnet is 192.0.2.0/24, you would enter 2.0.192.in-addr.arpa. Refer to "Note about smaller IPv4 subnets" for IPv4 subnets that are smaller than /24.

    • For IPv6 subnets, the format to use in the domain name field is <reverseIP>.ip6.arpa where you invert the IPv6 address, separating each character with a period (.) and removing the netmask. For example, if the IPv6 subnet is 2001:0db8:29cd:1a0f::/64, you would enter f.0.a.1.d.c.a.9.2.8.b.d.0.1.0.0.2.ip6.arpa. The same pattern applies to any size IPv6 subnet.

  4. Optionally, you can associate the zone with a DNS view. Views are used to define which client(s) are permitted to query a zone.

    Warning

    At this time, zones published on the NS1 Managed DNS or NS1 Managed DNS for China networks cannot be associated with a DNS view.

  5. Optionally, click the checkbox next to Override zone name to enter a custom, unique name for this zone. This can be helpful if you plan to create multiple zones that point to the same FQDN. Otherwise, the zone name defaults to match the zone FQDN and any DNS views you associate with the zone during zone creation are included as a suffix to the FQDN to make up the unique zone name (e.g., <zoneFQDN>-<view_name>).

    Note

    You cannot modify the zone name after creating the zone.

  6. Select one or more DNS networks on which you want to publish the zone. Optionally, you can deselect all boxes to leave the zone unpublished.

  7. Under Zone Settings, select the type of zone you are creating and adjust the settings as desired. Refer to this article for details about each type of zone.

  8. Click Save zone. The new zone appears in the list (i.e., under DNS > Zones).

API: Create a reverse zone

Optionally, you can create a reverse lookup zone via the NS1 API by executing the command below:

curl -X PUT -H "X-NSONE-Key: $NSONE_API_KEY" -d ' { "zone":"<zoneFQDN>", "networks": [0] } ' https://api.nsone.net/v1/zones/<zone_name>

where:

  • "zone" refers to the FQDN of the reverse zone. In this case, this is the inverse of the IP address or subnet (removing the netmask) and appended by in-addr.arpa (for IPv4) or ip6.arpa (for IPv6).

  • "networks" is an array of one or more unique network IDs corresponding to the NS1 DNS networks on which you want to publish the zone. For example, NS1's Managed DNS network ID is 0. Note that you can omit the "networks" parameter altogether in which case the zone will be published to the Managed DNS network by default, or you can include the networks parameter but with an empty array to leave the zone unpublished.

  • <zone_name> in the URL path corresponds to a unique zone name. Typically, this will be the same as the zone FQDN — however, you can apply a nominal, unique name to a zone if you plan to create multiple zones that point to the same FQDN.

Step 2: Add a PTR record to the reverse zone.

Next, you will add a DNS pointer (PTR) record to the zone you just created.

  1. From the list of zones (i.e., under DNS > Zones), navigate to the reverse zone you just created. Tip: You can filter the list of zones by selecting the checkbox next to "Reverse."

    zones_reverse_filter.png

  2. Click the name of the zone to drill into zone details.

    screenshot-ipv6_reverse_zone_details.png

  3. Scroll to the bottom of the page and click + Add record.

    screenshot-show_add_record_button.png

  4. In the Add record modal, select PTR under the list of record types.

    add_record_ptr.png

  5. In the name field, enter the final octet or character of the IP address for the server or leave this field blank to indicate a root-level record.

    add_record_ptr_name.png

  6. Under Answers, enter the FQDN corresponding to the IP.

  7. Click Save record.

API: Add a PTR record to a zone.

Optionally, you can add a PTR record to a zone using the following API command:

curl -X PUT -H "X-NSONE-Key: $NSONE_API_KEY" -d '{"zone":"<zoneFQDN>", "domain":"<record_domain>", "type":"PTR", "answers":[{"answer":["<FQDN>"]}]}' https://api.nsone.net/v1/zones/<zone_name>/<record_domain>/PTR

where

  • "zone" is the unique name of the zone. For reverse IPv4 zones, this is the inverse of the IP appended by .in-addr.arpa. For reverse IPv6 zones, this is the inverse of the IP where each character is separated by a period which is then appended by .ip6.arpa.

  • "domain" is the domain name associated with the record. If this is a root-level record, the record domain will match the zone FQDN.

  • "type" is the type of record you are creating. In this case, the value should be set to "PTR".

  • "answer" (within the "answers" object) is an array of DNS answers associated with the zone. In this case, the answer value should match the FQDN to return in response to reverse zone lookups to the specified IP.

Step 3: Update the delegation.

If you own the specified subnet, you must update the delegation of the reverse DNS zone with your RIR (e.g., ARIN, RIPE, etc.) to point to the NS1 DNS servers assigned to the reverse zone. Typically, you can find these within the Nameservers tab within the zone details.

screenshot-reverse_zone_nameservers.png

Alternatively, you can run a GET command against https://api.nsone.net/v1/zones/<zone_name> to view all zone details, including the assigned nameservers.

Note about smaller IPv4 subnets

To configure reverse DNS for an IPv4 subnet smaller than a /24 (e.g., /29), follow the steps below, working with the IP owner (i.e., your hosting provider) to sub-delegate a reverse zone. Depending on the provider, the sub-delegated zone will have a name like 0/29.3.2.1.in-addr.arpa or 0-29.3.2.1.in-addr.arpa. Either format is valid when configuring with NS1.

  • Determine which format the provider will use and create the NS1 reverse zone accordingly.

  • Create PTR records for each IP address (e.g., 4.0/29.3.2.1.in-addr.arpa) to provide a reverse name for the 1.2.3.4 IP address when the 1.2.3.0/29 network has been sub-delegated.

  • Update the delegation with the provider to indicate which NS1 nameservers are assigned to the reverse zone.

Note

For IPv6 subnets, if you have been directly assigned the IPv6 space by your RIR, you can delegate the reverse zone to yourself. Otherwise, you will need to work with your provider to sub-delegate the reverse zone.

Related articles