This article explains how to delegate a classless IPv4 reverse DNS range from a parent reverse DNS zone hosted in UltraDNS to another set of authoritative name servers.
Use this article when UltraDNS hosts the parent reverse DNS zone, such as a standard /24 reverse zone, and a smaller IP range or individual IP address must be delegated to another DNS provider or another set of name servers.
When to Use This Article
- UltraDNS hosts the parent IPv4 reverse DNS zone.
- You need to delegate an individual IP address or smaller classless range from that parent reverse zone.
- The delegated PTR records will be hosted by another DNS provider or another set of authoritative name servers.
- You need to understand which records belong in the UltraDNS parent zone and which records belong in the delegated child reverse zone.
Before You Begin
Classless reverse DNS delegation is different from standard /24, /16, or /8 reverse DNS delegation.
The delegated classless name must be created consistently in both locations:
- The parent reverse DNS zone hosted in UltraDNS.
- The delegated child reverse DNS zone hosted by the delegated name servers.
PTR records for the delegated classless range must be created in the delegated classless reverse DNS zone, not only in the UltraDNS parent zone.
Automatic PTR record creation in UltraDNS applies only to standard /24, /16, and /8 reverse zones. Classless reverse zones are not currently supported for automatic PTR creation.
Example Scenario
In this example, UltraDNS hosts the parent reverse DNS zone for the IPv4 block 1.2.3.0/24:
3.2.1.in-addr.arpa
The IP address 1.2.3.45 must be delegated away from UltraDNS to the following onsite name servers:
ns1.reversetest.com. ns2.reversetest.com.
The delegated classless reverse DNS zone name used in this example is:
45/32.3.2.1.in-addr.arpa
A hyphen-based naming convention may also be used, such as:
45-32.3.2.1.in-addr.arpa
Use one naming convention consistently. The classless name used in the UltraDNS parent zone must match the delegated classless reverse DNS zone hosted by the delegated name servers.
How Classless Reverse DNS Delegation Works
A normal reverse lookup for 1.2.3.45 queries the full PTR owner name:
45.3.2.1.in-addr.arpa
In the parent reverse DNS zone, the normal PTR owner name is created as a CNAME that points to the delegated classless PTR owner name:
45.3.2.1.in-addr.arpa. 86400 IN CNAME 45.45/32.3.2.1.in-addr.arpa.
The parent reverse DNS zone also contains NS records that delegate the classless reverse DNS zone to the delegated name servers:
45/32.3.2.1.in-addr.arpa. 86400 IN NS ns1.reversetest.com. 45/32.3.2.1.in-addr.arpa. 86400 IN NS ns2.reversetest.com.
The delegated name servers must host the classless reverse DNS zone and contain the final PTR record.
Records to Create in the UltraDNS Parent Zone
In the parent reverse DNS zone 3.2.1.in-addr.arpa, create the CNAME and NS records shown below.
CNAME Record
Create a CNAME at the normal PTR owner name:
45.3.2.1.in-addr.arpa. 86400 IN CNAME 45.45/32.3.2.1.in-addr.arpa.
NS Records
Create NS records for the delegated classless reverse DNS zone:
45/32.3.2.1.in-addr.arpa. 86400 IN NS ns1.reversetest.com. 45/32.3.2.1.in-addr.arpa. 86400 IN NS ns2.reversetest.com.
Records to Create on the Delegated Name Servers
The delegated name servers must host the delegated classless reverse DNS zone:
45/32.3.2.1.in-addr.arpa
Inside that delegated classless zone, create the PTR record for the IP address:
45.45/32.3.2.1.in-addr.arpa. 10800 IN PTR mail.example.com.
The leading 45 is still required in the PTR owner name. The classless zone name does not replace the final octet value.
Example for a Larger Classless Range
If a larger classless block is delegated, such as:
45/30.3.2.1.in-addr.arpa
The PTR owner names inside the delegated classless zone still include the final octet value for each IP address.
Examples:
46.45/30.3.2.1.in-addr.arpa. 10800 IN PTR mail.example.com. 47.45/30.3.2.1.in-addr.arpa. 10800 IN PTR mail2.example.com.
Verify the Delegation
Use a reverse lookup to confirm that the PTR record resolves:
dig -x 1.2.3.45
Use a trace lookup to confirm the CNAME and delegation path:
dig -x 1.2.3.45 +trace
The lookup should follow the CNAME from the normal PTR owner name to the delegated classless PTR owner name, then query the delegated name servers for the final PTR record.
Expected Outcome
After the parent zone and delegated child zone are configured correctly, a reverse lookup for the delegated IP address returns the PTR record hosted by the delegated name servers.
For the example IP address 1.2.3.45, the lookup should follow this path:
- The resolver queries
45.3.2.1.in-addr.arpa. - The UltraDNS parent zone returns a CNAME to
45.45/32.3.2.1.in-addr.arpa. - The resolver follows the delegation for
45/32.3.2.1.in-addr.arpa. - The delegated name servers return the PTR record.
Important Notes
- For IPv4 address
a.b.c.d, the normal full PTR owner name isd.c.b.a.in-addr.arpa. - For
1.2.3.45, the normal full PTR owner name is45.3.2.1.in-addr.arpa. - The CNAME is created at the normal PTR owner name and points to the delegated classless PTR owner name.
- The NS records delegate the classless reverse DNS zone to the name servers that will host the PTR records.
- The classless naming convention must match between the UltraDNS parent reverse DNS zone and the delegated classless reverse DNS zone.
- Do not create the PTR record only in the parent reverse DNS zone if the classless range has been delegated away from that parent zone.