Hosting public reverse DNS zones in OCI

March 20, 2024 | 3 minute read
Carlos Santos
Cloud Network Specialist

The domain name system (DNS) might be the most underrated service on the internet, despite being a service that every device connected to the internet uses. If DNS stopped working, most of the internet would stop too. This blog post explains how a local internet registry (LIR) can use the Oracle Cloud Infrastructure (OCI) DNS service to host its reverse DNS zones.

 

IP address allocation

Before explaining how to host reverse zones, let’s explain how IP addresses are allocated. The Internet Assigned Numbers Authority (IANA) is responsible for the global IP and autonomous system number (ASN) space. IANA delegates these resources to regional internet registries (RIRs) across the world. Each RIR serves the following regions:

  • AFRINIC: Serves Africa
  • ARIN: Serves the US, Antarctica, Canada, and parts of the Caribbean
  • APNIC: Serves East, South, and Southeast Asia and Oceania
  • LACNIC: Serves most of the Caribbean and all Latin America
  • RIPE: Serves Europe, Central Asia, Russia, and West Asia

These RIRs are responsible for distributing the resources, such as IPs or ASNs, to companies in their region. The companies that request IPs for their own use, like Oracle, internet service providers (ISPs), and data centers, are called local internet registries.

LIRs use the IPs for their own services and provide services to their customers. For example, when you launch a virtual machine (VM), a public IP is assigned to the instance. That IP comes from the pool of IPs that IANA assigned to the RIR, from which the RIR assigned a smaller pool to the LIR.

Now we know how IPs are assigned and the hierarchy of distribution. If you want to learn more about this hierarchy, see RFC 7020: The Internet Numbers Registry System.

Forward and reverse DNS zones

When a DNS zone is configured, it allows clients, such as browsers, applications, and servers, to convert a hostname like www.oracle.com into an IP address that the client can use to connect to the service. This process is called forward DNS resolution, or simply DNS resolution, and it uses a forward DNS zone (or DNS zone) to convert hostnames to IP addresses.

In certain situations, you need to do a reverse lookup: the client has an IP address and needs to check what hostname is configured for it. This process is called reverse DNS resolution, and it uses a reverse zone to convert IP addresses to hostnames.

The most common use for reverse DNS resolution happens with e-mail servers, usually before accepting emails from an IP. The server checks the reverse DNS to confirm that the hostname of the server sending the email is properly configured. This check is one of the many anti-spam techniques that e-mail servers use.

Configuration of a reverse DNS zone

To configure a reverse DNS zone, you must host your forward DNS zone yourself or use a managed service like OCI DNS. You also need to host your reverse DNS zone somewhere.

For that, use the following steps:

  1. Create and populate the reverse zone with the needed PTR records.
  2. Delegate the reverse zone on your RIR to OCI DNS.

For details and step-by-step guidance on how to use OCI DNS to host and manage your reverse DNS zone, read the tutorial, Host Public Reverse DNS Zones in Oracle Cloud Infrastructure Domain Name System.
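
The following Python example is added here and is not from the original post or Oracle's tutorial. It works out which in-addr.arpa zones cover an IPv4 allocation (step 1), builds the PTR records, and flags PTR targets whose forward record does not point back at the same IP, a consistency check mail servers commonly apply; the prefix, hostnames, and function names are constructed for illustration.

```python
import ipaddress

def reverse_zones(prefix):
    """in-addr.arpa zones covering an IPv4 prefix (zones sit on octet boundaries)."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if net.prefixlen > 24:
        # Smaller than a /24: needs RFC 2317 classless delegation instead.
        raise ValueError("prefix longer than /24 is not covered here")
    boundary = next(b for b in (8, 16, 24) if b >= net.prefixlen)
    zones = []
    for sub in net.subnets(new_prefix=boundary):  # e.g. a /22 yields four /24s
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def ptr_records(prefix, hosts):
    """Build (owner, 'PTR', target) tuples; reject IPs outside the allocation."""
    net = ipaddress.ip_network(prefix)
    records = []
    for ip, name in sorted(hosts.items()):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {prefix}")
        records.append((addr.reverse_pointer + ".", "PTR", name.rstrip(".") + "."))
    return records

def unconfirmed(hosts, forward):
    """IPs whose PTR target has no forward A record pointing back at them."""
    return sorted(ip for ip, name in hosts.items()
                  if ip not in forward.get(name.rstrip("."), set()))

# Constructed sample data: documentation range and example.com names.
ALLOCATION = "192.0.2.0/24"
HOSTS = {"192.0.2.10": "mail.example.com", "192.0.2.25": "www.example.com"}
# Forward zone contents as {hostname: set of A records}; www is stale on purpose.
FORWARD = {"mail.example.com": {"192.0.2.10"}, "www.example.com": {"192.0.2.26"}}

if __name__ == "__main__":
    print("zones to create:", reverse_zones(ALLOCATION))
    for owner, rtype, target in ptr_records(ALLOCATION, HOSTS):
        print(f"{owner} IN {rtype} {target}")
    print("PTRs without a matching A record:", unconfirmed(HOSTS, FORWARD))
```
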

Notes:

  • If you look into your private zones in OCI DNS, you should have your virtual cloud network (VCN) reverse x.x.x.in-addr.arpa zones there. OCI DNS does this step for you automatically.
  • If you need to create a reverse DNS entry for an OCI public IP, you must open a service request to our support team. Remember that only LIRs (the IP owners) can create and manage reverse DNS zones.

 

Conclusion

Hosting reverse DNS zones using the Oracle Cloud Infrastructure DNS service is simple. Our service provides you with an anycast network, highly available and scalable service, and protection against DDoS, so that you can focus on providing services to your customers and leave the heavy lifting to us. For more information on the concepts presented in this post, see the following resources:
