Why would a host not allow you to set rDNS?

I use a cheap host for my personal use. Years ago, when I first started with them, I wanted to set reverse DNS and was told you have to request permission to do that because it's not allowed by default. I received permission and have been happily humming along till today, when I noticed something in my mail logs that I hadn't seen in a long time. Looking through all my configurations, I found that reverse DNS was pointing to the wrong subdomain.

Now maybe I changed it and forgot about it because I do a fair bit of tinkering, but I opened a ticket and was told they no longer allow users to set rDNS themselves. You have to submit a ticket and they will change it for you but, like I said, I do a fair amount of tinkering at times and I really don't want to have to wait an unknown amount of time for a ticket to get filled.

I presume it's because some must be doing nefarious or stupid things which cause issues, but other hosts offer the ability.
 
It clearly requires checking. Say you own 10.1.1.1 which is foo.drhowarddfine.example.com, in your subdomain. Someone else owns 10.2.2.2 which is blatz.alicebob.example.com. If you now go and set the reverse DNS entry for 2.2.2.10.in-addr.arpa to point to fish.drhowardfine.example.com, then Alice and Bob will get very mad at you, because their e-mail just broke (just using e-mail delivery as an example of a protocol that can be sensitive to reverse DNS). And if you set 1.1.1.10.in-addr.arpa to zaphod.alicebob.example.com, I think you'll just shoot yourself in your own foot, but there may be ways to screw up Alice and Bob. So whoever implements this needs to be doubly careful, and check both forward and reverse mapping for ownership.

In theory, the same applies to allowing you to set your own DNS: If you set the A record for denialofservice.drhowarddfine.example.com to 10.2.2.2, you might slightly annoy Alice and Bob, but in practice, that's not really an important attack. For example, my hosting provider allows me to set my forward DNS records to anything I like (which is really convenient).

So I would ascribe this just to laziness on their part: it's not often needed, it's extra work, why bother.
 
My "hosting" (web serving) provider does provide reverse DNS, but configuring/editing only via trouble ticket. For forward DNS, they have a web interface, which works; sadly, there is no automatable or scriptable interface. Note that this is not for hosting a virtual machine or a colo, but only for web / e-mail serving and domain registration / DNS service.
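The two-sided ownership check ralphbsz describes above (the customer must own the address whose PTR changes, and the target name must already resolve forward to that address) is what a provider's self-service rDNS panel would have to enforce before it touches the shared in-addr.arpa / ip6.arpa zone. The following is an added example written for this thread, not code from any poster or hosting provider. The customer allocations and the forward zone are constructed inline so it runs offline; a real implementation would look the forward records up on the authoritative servers. The domain names are taken from the scenario in the post, spelled consistently as drhowardfine and alicebob.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data (assumption: not from any real provider).
# What the provider knows about each customer's allocated address space.
CUSTOMER_ALLOCATIONS: Dict[str, List[str]] = {
    "drhowardfine": ["10.1.1.0/24", "2001:db8:1::/64"],
    "alicebob": ["10.2.2.0/24", "2001:db8:2::/64"],
}

# Constructed forward DNS data standing in for live A/AAAA lookups.
# Keys are hostnames, values are the addresses they resolve to.
FORWARD_ZONE: Dict[str, List[str]] = {
    "foo.drhowardfine.example.com": ["10.1.1.1"],
    "fish.drhowardfine.example.com": ["10.1.1.1", "2001:db8:1::1"],
    "blatz.alicebob.example.com": ["10.2.2.2"],
    "zaphod.alicebob.example.com": ["10.2.2.9"],
    # A forward record deliberately pointing at someone else's address,
    # the "denialofservice" case from the post.
    "denialofservice.drhowardfine.example.com": ["10.2.2.2"],
}


def resolve_forward(hostname: str) -> list:
    """Return the A/AAAA addresses for hostname from the constructed zone.
    A real implementation would query the authoritative servers instead."""
    key = hostname.rstrip(".").lower()
    return [ipaddress.ip_address(a) for a in FORWARD_ZONE.get(key, [])]


def owns_address(customer: str, ip) -> bool:
    """True if ip falls inside one of the customer's allocated prefixes.
    ip_network.__contains__ is False across address families, so an IPv6
    address never matches an IPv4 prefix or vice versa."""
    return any(ip in ipaddress.ip_network(p)
               for p in CUSTOMER_ALLOCATIONS.get(customer, []))


def authorize_ptr_change(customer: str, ip_str: str, hostname: str) -> Tuple[bool, str]:
    """Decide whether customer may set the PTR for ip_str to hostname.
    Returns (allowed, reason). Allowed only if the address is inside the
    customer's allocation AND the hostname's forward record resolves back to
    that same address (forward-confirmed reverse DNS)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False, f"{ip_str!r} is not a valid IP address"
    # Check 1, reverse side: the customer must own the address whose PTR
    # changes, otherwise they could rewrite Alice and Bob's reverse record.
    if not owns_address(customer, ip):
        return False, f"{ip} is not in {customer}'s allocation"
    # Check 2, forward side: the name must resolve to this same address,
    # otherwise the customer could label their IP with a name in someone
    # else's domain.
    forward = resolve_forward(hostname)
    if not forward:
        return False, f"{hostname} has no A/AAAA record"
    if ip not in forward:
        addrs = ", ".join(str(a) for a in forward)
        return False, f"{hostname} resolves to {addrs}, not {ip}"
    return True, "ok"


def ptr_record(ip_str: str, hostname: str, ttl: int = 3600) -> str:
    """Render the zone-file line that would be written into the reverse zone
    once the change is authorised. ipaddress.reverse_pointer yields the
    in-addr.arpa owner name for IPv4 and the nibble-format ip6.arpa name
    for IPv6, so the same code serves both families."""
    ip = ipaddress.ip_address(ip_str)
    return f"{ip.reverse_pointer}. {ttl} IN PTR {hostname.rstrip('.')}."


if __name__ == "__main__":
    requests = [
        ("drhowardfine", "10.1.1.1", "foo.drhowardfine.example.com"),
        ("drhowardfine", "10.2.2.2", "fish.drhowardfine.example.com"),
        ("drhowardfine", "10.1.1.1", "zaphod.alicebob.example.com"),
        ("drhowardfine", "10.2.2.2", "denialofservice.drhowardfine.example.com"),
        ("drhowardfine", "2001:db8:1::1", "fish.drhowardfine.example.com"),
    ]
    for customer, ip, name in requests:
        ok, why = authorize_ptr_change(customer, ip, name)
        print(f"{customer} {ip} -> {name}: {'ALLOW' if ok else 'DENY'} ({why})")
        if ok:
            print("   ", ptr_record(ip, name))
```

Note that the "denialofservice" request is refused by the first check alone: a forward record the customer controls pointing at 10.2.2.2 never gives them a say over 2.2.2.10.in-addr.arpa, which is why ralphbsz can call the forward-DNS case unimportant while the reverse side still needs the check.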
 
ralphbsz: So you think this is a mild attempt at being responsible and not letting just anyone set their own rDNS? I thought the same as you mentioned about setting DNS. It makes me want to just run my own email server and DNS from home, but my ISP won't allow that.
 
Well, to implement this (as a provider), you have to be careful, or you become irresponsible. And most people don't need it, so it's usually not even worth the effort.
 
Definitely seems like a hosting provider issue. I can manually set rDNS on all my VPS systems as well, no problem. All I have to do is provide the name, which then gets assigned to my IP address. Both IPv4 and IPv6 are supported.
 
I doubt any ISP would not allow rDNS at all if you had a server/vps/etc with a public address assigned to it. It’s just not something that changes that often and, as you’d usually have a DNS zone for an entire class C, you can’t just give users control over the zone like you might with their domain zones. You end up making something bespoke to provide a web interface for them that updates the reverse zone in the background.

We only do it by request as it’s just not worth us building the functionality to allow users to change it. A user can just contact us and we’ll do it. In almost all cases the reverse entry will be the server hostname and this just doesn’t need to change.

Choose a domain that you use for servers (Google uses 1e100.net, for example). Give each server a hostname and stick with it. It doesn’t matter what the server does, how many forward records point at it, how many times you “tinker” with it; as long as that hostname resolves to the server IP and the reverse matches the hostname there’s little reason to change it.
 
I doubt any ISP would not allow rDNS at all if you had a server/vps/etc with a public address assigned to it.

It's not an ISP, it's a hosting service. All hosting services that I've used in the past, including this one, allowed it.

I have three domains, two IPv4 addresses and 10 IPv6 addresses, though I don't use all of them. I change the hostname on occasion. I tinker a lot.
 
My VPS provider allows me to adjust the reverse DNS via the same panel I use to manage the VPS. No ticket required, I can just edit it myself.
 