Stuck with reverse DNS issues in Route 53? We can help you with this!
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let’s see how our Support Engineers help our customers to fix the reverse DNS issues in Route 53.
Reverse DNS issues
A reverse DNS lookup (reverse resolution) is a DNS query for the domain name associated with a given IP address. Technically it is a query for a PTR record under the in-addr.arpa tree (ip6.arpa for IPv6), where the octets of the address appear in reverse order. It is the opposite of the more common forward lookup, in which DNS is asked for the IP address of a name.
A reverse DNS record in a private hosted zone may fail to resolve in the following cases:
- The VPC's DNS resolution (enableDnsSupport) and DNS hostnames (enableDnsHostnames) attributes are not both enabled.
- The private hosted zone that holds the reverse DNS domain is not associated with the Amazon VPC the query comes from.
- The IP address being queried is not covered by the reverse DNS domain name of the private hosted zone (for example, a query for 10.0.5.7 needs a zone named 0.10.in-addr.arpa or 5.0.10.in-addr.arpa; a zone named 1.10.in-addr.arpa will never answer it).
- The query is not sent through the VPC DNS server (the Route 53 Resolver at the VPC's base network range plus two, for example 10.0.0.2). A private hosted zone can be queried only through that resolver, so instances that use a custom DNS server which does not forward to it get no answer.
A reverse DNS record in a public hosted zone may fail to resolve in the following cases:
- The reverse DNS record for the AWS resource has not been configured. AWS, not your hosted zone, is authoritative for the reverse zones of its public address space, so a PTR record created in your own public hosted zone has no effect. For an Elastic IP address in the US East (Ohio), Africa (Cape Town), Asia Pacific (Mumbai), Canada (Central) or Europe (Milan) Region, the reverse DNS name is set from the Amazon EC2 console or with the AWS CLI.
- The IP address belongs to a third party, such as another cloud provider or your ISP, and only that party can change the record.
How to fix Reverse DNS issues in Route 53
Now, let's see the steps to fix this reverse DNS issue:
Checking the reverse DNS record and identifying the IP address owner
First, check whether the PTR record returned by the DNS resolver is the one you expect. If it is not, identify who owns the IP address, because only the owner of the address block (or whoever it has delegated the reverse zone to) can change the record.
nslookup is available on both Windows and Linux; the output below is from a Linux shell:
~$ nslookup 3.127.255.145
145.255.127.3.in-addr.arpa name = ec2-3-127-255-145.eu-central-1.compute.amazonaws.com.
We can use the dig command to check reverse DNS for Linux:
$ dig -x 3.127.255.145
; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> -x 3.127.255.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33784
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 1b86000bcb1bda1a2778ef6f611b3c416fac9b4a3fa2fbe3 (good)
;; QUESTION SECTION:
;145.255.127.3.in-addr.arpa. IN PTR
;; ANSWER SECTION:
145.255.127.3.in-addr.arpa. 219 IN PTR ec2-3-127-255-145.eu-central-1.compute.amazonaws.com.
;; Query time: 201 msec
;; SERVER: 172.17.252.118#53(172.17.252.118)
;; WHEN: Tue Aug 17 10:04:09 IST 2021
;; MSG SIZE rcvd: 932
Then to identify the IP address owner, we can use the whois command:
$ whois 3.127.255.145
Organization: Amazon Technologies Inc. (AT-88-Z)
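The check above as a script, added here as an example; it is not part of the original post or of any AWS tooling. It assumes dig and whois are installed, and the live lookups only run when check_rdns or ip_owner is called (the helper functions need no network). It goes one step beyond the page's check: after comparing the PTR with the expected name it also confirms that the name resolves back to the address (forward-confirmed reverse DNS). That is the check mail servers and log tooling actually trust, because a PTR alone can say whatever the reverse zone's owner puts in it.

```shell
#!/bin/sh
# Added example, not code from the original post. Needs dig and whois on
# PATH for the live functions; ptr_name/same_name/contains_ip are pure.

# in-addr.arpa owner name for a dotted-quad IPv4 address:
# 3.127.255.145 -> 145.255.127.3.in-addr.arpa
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Compare two DNS names, ignoring case and a trailing dot.
same_name() {
    a=$(printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$2" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    [ "$a" = "$b" ]
}

# Is address $1 one of the whitespace-separated addresses in $2?
contains_ip() {
    for addr in $2; do
        [ "$addr" = "$1" ] && return 0
    done
    return 1
}

# Live check. The PTR for $1 must be $2, and $2 must resolve back to $1
# (forward-confirmed reverse DNS). A PTR by itself proves nothing: the
# reverse zone's owner can put any name in it.
check_rdns() {
    ip=$1; expected=$2
    ptr=$(dig +short -x "$ip" | head -n 1)
    if [ -z "$ptr" ]; then
        echo "no PTR record at $(ptr_name "$ip")"; return 1
    fi
    if ! same_name "$ptr" "$expected"; then
        echo "PTR mismatch: got $ptr, expected $expected"; return 1
    fi
    forward=$(dig +short A "$expected")
    if ! contains_ip "$ip" "$forward"; then
        echo "$expected does not resolve back to $ip (A records: $forward)"; return 1
    fi
    echo "ok: $ip <-> $expected is forward-confirmed"
}

# Who to contact when the PTR is wrong: the first organisation line in
# the whois record (field names differ between RIRs).
ip_owner() {
    whois "$1" | grep -i -E '^(Organization|OrgName|org-name|netname):' | head -n 1
}

# Live usage, e.g. for the address shown in the dig output above:
#   check_rdns 3.127.255.145 ec2-3-127-255-145.eu-central-1.compute.amazonaws.com
#   ip_owner 3.127.255.145
```

When check_rdns reports a mismatch or a missing record, the ip_owner line tells you whose record it is; if that is not you, the next section applies.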
Contact the IP address owner to update the reverse DNS record
What to do next depends on who owns the address:
- For an AWS Elastic IP address in the US East (Ohio), Africa (Cape Town), Asia Pacific (Mumbai), Canada (Central) or Europe (Milan) Region, set the reverse DNS name from the Amazon EC2 console or with the AWS CLI. The forward A record for that name must already point at the Elastic IP, or AWS rejects the change.
- If the IP address belongs to a third party, such as another cloud provider or your ISP, ask that party to update the record; you cannot change it yourself.
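The Elastic IP case as an AWS CLI procedure, added here as an example; it is not Bobcares' or AWS's own code. It assumes AWS CLI v2 is configured with permission for ec2:DescribeAddresses, ec2:DescribeAddressesAttribute and ec2:ModifyAddressAttribute, that dig is installed, and that the Region, allocation ID and hostname are placeholders you replace. The Region list is the one the post gives; AWS may have added Regions since, so treat it as a first check rather than the last word.

```shell
#!/bin/sh
# Added example, not code from Bobcares or AWS. Assumes AWS CLI v2 with
# ec2:DescribeAddresses, ec2:DescribeAddressesAttribute and
# ec2:ModifyAddressAttribute, plus dig. Region, allocation ID and
# hostname in the usage line are placeholders.

# Regions the post lists as supporting reverse DNS from the EC2 console
# or CLI. Treat it as a first check: AWS may have added Regions since.
eip_rdns_supported_region() {
    case "$1" in
        us-east-2|af-south-1|ap-south-1|ca-central-1|eu-south-1) return 0 ;;
        *) return 1 ;;
    esac
}

# Cheap sanity check before calling the API: labels of letters, digits
# and inner hyphens, at least one dot, alphabetic top-level label.
looks_like_fqdn() {
    printf '%s' "$1" |
        grep -E -q '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Live: AWS only accepts the PTR if an A record for the name already
# points at the Elastic IP, so verify that before calling the API.
forward_points_at() {
    dig +short A "$2" | grep -Fxq "$1"
}

set_eip_rdns() {
    region=$1; alloc_id=$2; hostname=$3
    if ! eip_rdns_supported_region "$region"; then
        echo "$region is not in the self-service list; check the current AWS docs" >&2
        return 1
    fi
    if ! looks_like_fqdn "$hostname"; then
        echo "'$hostname' is not a fully qualified hostname" >&2
        return 1
    fi
    ip=$(aws ec2 describe-addresses --region "$region" \
            --allocation-ids "$alloc_id" \
            --query 'Addresses[0].PublicIp' --output text)
    if ! forward_points_at "$ip" "$hostname"; then
        echo "create an A record $hostname -> $ip first; AWS rejects the PTR otherwise" >&2
        return 1
    fi
    aws ec2 modify-address-attribute --region "$region" \
        --allocation-id "$alloc_id" --domain-name "$hostname"
    # The update is asynchronous: PtrRecordUpdate shows the pending value
    # and its status, and a Reason if AWS rejected it. Re-run until
    # PtrRecord holds the new name, then confirm with dig -x.
    aws ec2 describe-addresses-attribute --region "$region" \
        --allocation-ids "$alloc_id" --attribute domain-name \
        --query 'Addresses[0].[PublicIp,PtrRecord,PtrRecordUpdate.Status,PtrRecordUpdate.Reason]' \
        --output text
}

# Live usage (placeholders):
#   set_eip_rdns ca-central-1 eipalloc-0123456789abcdef0 mail.example.com
```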
Steps to check that the private hosted zone is associated with the correct Amazon VPC
1. Log in to the AWS Management Console and open the Route 53 console.
2. Select Hosted zones, then select the hosted zone used for the reverse DNS domain.
3. Select View details.
4. Expand Hosted zone details.
5. Confirm that the private hosted zone is associated with the correct Amazon VPC, in the correct Region.
Note: The steps can be applied only if the reverse DNS record is in a Route 53 private hosted zone.
Check that the DNS hostnames and DNS resolution options are enabled
1. Log in to the AWS Management Console and open the Amazon VPC console.
2. Select Your VPCs, then select the VPC the querying instance runs in.
3. In the Details pane, confirm that both DNS hostnames and DNS resolution show Enabled. These are attributes of the VPC itself, not of its DHCP options set; if either is disabled, change it from the VPC's Actions menu.
Check that the custom DNS servers are configured correctly
1. Log in to the AWS Management Console and open the Amazon VPC console.
2. Select DHCP option sets, then select the DHCP options set attached to the Amazon VPC (its ID is shown in the VPC's details).
3. In the details pane, confirm that Domain name servers is set to AmazonProvidedDNS. If it lists your own DNS servers instead, those servers must forward queries for the private zone to the VPC's Route 53 Resolver, or no private hosted zone record (reverse records included) will resolve from the instance.
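The three console checks above as AWS CLI calls, plus a helper for the zone-naming rule behind the "IP address doesn't match the zone" case, added here as an example; it is not code from the original post. It assumes AWS CLI v2 with route53:ListHostedZonesByVPC, ec2:DescribeVpcs, ec2:DescribeVpcAttribute and ec2:DescribeDhcpOptions, dig on the instance, and that the Region, VPC ID and address are placeholders. The final dig deliberately targets the Route 53 Resolver address 169.254.169.253, which is reachable from any instance in the VPC, so the test is not skewed by whatever resolver the instance happens to use.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes AWS CLI v2 with
# route53:ListHostedZonesByVPC, ec2:DescribeVpcs, ec2:DescribeVpcAttribute
# and ec2:DescribeDhcpOptions, plus dig. Region, VPC ID and address in the
# usage line are placeholders.

# Reverse zone a private hosted zone must be named for an IPv4 CIDR on an
# octet boundary: 10.0.0.0/16 -> 0.10.in-addr.arpa. Addresses outside
# that name never "match" the zone and get no answer from it.
reverse_zone_for_cidr() {
    ip=${1%/*}; prefix=${1#*/}
    case "$prefix" in
        8|16|24) ;;
        *) echo "/$prefix is not octet-aligned; use a /8, /16 or /24 zone" >&2; return 1 ;;
    esac
    echo "$ip" | awk -F. -v n=$((prefix / 8)) '{
        out = "in-addr.arpa"
        for (i = 1; i <= n; i++) out = $i "." out
        print out
    }'
}

# Owner name for a dotted-quad address: 10.0.5.7 -> 7.5.0.10.in-addr.arpa
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Does owner name $1 fall inside zone $2? Case-insensitive, trailing dot ignored.
ptr_in_zone() {
    name=$(printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    zone=$(printf '%s' "$2" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    case "$name" in
        *".$zone") return 0 ;;
        *) return 1 ;;
    esac
}

# Live diagnostics for a private reverse zone; run from an instance in the VPC.
check_private_rdns() {
    region=$1; vpc_id=$2; ip=$3
    echo "== hosted zones associated with $vpc_id (the reverse zone must be listed)"
    aws route53 list-hosted-zones-by-vpc --vpc-id "$vpc_id" --vpc-region "$region" \
        --query 'HostedZoneSummaries[].[HostedZoneId,Name]' --output text

    echo "== VPC DNS attributes (both must be True)"
    aws ec2 describe-vpc-attribute --region "$region" --vpc-id "$vpc_id" \
        --attribute enableDnsSupport --query 'EnableDnsSupport.Value' --output text
    aws ec2 describe-vpc-attribute --region "$region" --vpc-id "$vpc_id" \
        --attribute enableDnsHostnames --query 'EnableDnsHostnames.Value' --output text

    echo "== domain-name-servers in the VPC's DHCP options set (expect AmazonProvidedDNS)"
    dhcp_id=$(aws ec2 describe-vpcs --region "$region" --vpc-ids "$vpc_id" \
                --query 'Vpcs[0].DhcpOptionsId' --output text)
    aws ec2 describe-dhcp-options --region "$region" --dhcp-options-ids "$dhcp_id" \
        --query 'DhcpOptions[0].DhcpConfigurations[?Key==`domain-name-servers`].Values[].Value' \
        --output text

    echo "== PTR via the VPC resolver (a private zone answers only through it)"
    echo "owner name queried: $(ptr_name "$ip")"
    dig +short -x "$ip" @169.254.169.253
}

# Live usage (placeholders):
#   check_private_rdns eu-central-1 vpc-0123456789abcdef0 10.0.5.7
```

Compare the zone names printed by the first command with reverse_zone_for_cidr for the VPC's CIDR: if the owner name of the address you are querying does not sit inside one of the listed zones (ptr_in_zone), the record cannot be found no matter how the VPC is configured.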
Conclusion
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to resolve the reverse DNS issues in Route 53.