setting upDNS

Quick question, I have been given address space, need to run my own DNS server to inject name resolution records into the primary domain names.

Whats the procedure, who do i need to register with ?

What type of box do you plan on running DNS on? Windows, Linux? I have experience setting up BIND on Red Hat 9 Professional.

Do you just need to setup name resolution, or Reverse DNS for your allocated block as well? Reverse can get kind of tricky, but I made myself a template that is fairly easy to follow.

In terms of registration, you need to have your registrar point to one or two boxes that you wish to be authoritative for a particular domain. For example, if your domain name is, contact your registrar and tell them that the nameservers authoritative for are and, and their IP addresses (that you choose from your block), respectively. You will obviously have to then create records for ns1 and ns2.

I will be using Red Hat box, I’ve got the DNS up and running no problem. I want to do reverse DNS, I have a block of IPs and if I register, I want to resovle that name to one of my own IP addresses.

Now I know when i register my domain name, I have to tell them which nameserver to point at, but my nameserver ns1 and ns2 have to controlled permitted by someone.

What is there to stop me getting a registrar to point to my name servers and I start resoving that name to someone else’s IP ?

I thought I would have to register my 2 name servers and the block with an upstream DNS body who will accept records from me for those IP’s.

I’m a little lost?

There is nothing stopping you from resolving to an IP address that is not in your block, it’s just not done.

Registrars of domain names point to name servers authoritative for those domains. Those name servers then contain the A, CNAME, NS and MX records which point to IP addresses.

Owners of IP space (your upstream ISP) delegate name servers responsible for handling reverse DNS for a particular block. If you want to do reverse DNS on your own boxes, you have to contact your upstream ISP and tell then that you are running your own name servers and you want them to be delegated as responsible for the reverse resolution of your address space. When a reverse request is made, your name servers will be queried for the particular PTR record in question.

mmm… .interesting… so in theory if someone hacks into my DNS they can really mess things up…

I’m surprised its as simple as that… i’ll give it a try and see what happens…

I have my block assigned by LACNIC so I guess I don’t need to liase with my ISP.


Yes it is pretty simple. Before I responded to your previous post I tested and created an A record on one of my zones which resolves to an IP address that is not in my allocated space. It resolved just as I thought it would.

So yes, you should make sure that your name servers are secured. I am running Open SSH on both boxes and iptables which only permit me to login from certain IP addresses.

The real chaos would occur if the root or TLD domain servers were hacked and manipulated.