I have not yet experienced any DNS failures due to a missing PTR record, but am wondering:
Is there any added value in having a valid PTR record on a nameserver IP-address?
I have not yet experienced any DNS failures due to a missing PTR record, but am wondering:
Is there any added value in having a valid PTR record on a nameserver IP-address?
There shouldn't be any real functional issues due to a missing PTR record for a DNS server.
It may come in handy if you're dubugging network problems, but even then, I would think it would have limited usefulness.
It's extremely important if you are running a mail server. Otherwise, it's not important (IMHO).
Why? Many spam filters consider a missing PTR record as highly indicative that you are a spammer.
Being able to look up IP's and get a name back seems to have value to me. Troubleshooting errors with only IPs could get tedious.
Benefit 1: Reverse DNS lookups (which rely on the PTR record of a given IP address) can be performed in troubleshooting scenarios, though these scenarios are rare.
Example) A forward lookup cannot be found for "MYHOSTNAME", but you know the IP of the host it should be pointing to - you might then do a "dig" or nslookup to see what the PTR record says a valid hostname is. You could then change your "MYHOSTNAME" to whatever the PTR record is pointing to, instead of ending up with 2 A-records serving similar purposes.
Benefit 2: Mail exchange servers are in a never-ending battle with spammers. Having a PTR record proves your reliability to external mail servers, & in many cases will prevent your outgoing mail from being blocked or rejected.
The reason is that any old spammer may be able to send mail to a mail server, but many will not be able to create a PTR record for their IP, because many will be using relays or a personal ISP.
This means their IP addresses would not have an associated PTR record, unless they went through some "extra work" - e.g. a special process to register their hostname with the ISP/provider/etc. - thus blocking emails from IPs with no PTR record reduces the spam the mail server sends out.
For these reasons, I've generally seen it considered Best Practice to have a PTR record for each A-Record, but not for CNAMEs.
That way only "primary" hostname(s) will be resolved for reverse lookups, instead of perhaps websites/services/etc that may also reside on the same host (which generally I use CNAMEs for). This is of course just one of many ways to manage your DNS infrastructure.
The PTR record is a must have for all Mail Servers that directly relay mails to the Internet failing which many DNS Blacklist will outright reject mails originating from the I.P Address and it could get your I.P Addresses blacklisted globally and many of the DNS Blacklists are globally replicated depending on the Blacklist.
It also depends on the domains you are serving with the Public DNS server. Some TLDs require a Nameserver to be "Registered" with the TLD Registry before it can be used with their domains. This is not the case with COM/NET, but some others do require it.
I believe there must be a matching PTR record when you go to register the Nameserver
There is a lot of value in PTR records within private networks. I've seen it used for verifying access to NAS and SAN systems, for instance.
I've also seen it used for automation - use the PTR record to figure out which server you are targeting, and then adjust various scripting parameters accordingly.
There probably are many more uses today then when the question was originally posted; PTR records tend to be a feature that gets used for all kinds of purposes once it is available.