Higher Logic notes on screwing with tech…


Reverse DNS wall using DJBDNS

Another DNS post yay! Out of all aspects of DNS services this one is used least. So whats a reverse DNS wall? You know reverse DNS? thats where you look up an IP address and get the name associated as opposed to the other way round.

Now "some" special needs servers on the internet (FTP, SSH) like to do a reverse resolve of the incoming IP and block based upon the result. Some even rarer server would then would do a A record check on the reverse to make sure that matches the originating IP.

Lets say I have a whole bunch of computers that don't have DNS names, not now, not ever, how do they connect to these pesky services? Tell the service provide to stop be daft! Once you recover from the slap they gave you then setup our own reverse DNS wall. When queried these things will respond with the good stuff and take you to the promise land!

# Install
apt-get install daemontools daemontools-run ucspi-tcp djbdns
adduser --no-create-home --disabled-login --shell /bin/false walldns

# Config
walldns-conf walldns dnslog /etc/walldns
mkdir /etc/service ; cd /etc/service ; ln -sf /etc/walldns/

# Start and Test
initctl start svscan
# Checking status
svstat /etc/service/walldns
# Shutting down
svc -d /etc/service/walldns
# Starting up
svc -u /etc/service/walldns

Now get the upstream hosters of your IP address delegate the reverse zone to your server and you are good to go.