DNSSEC & Reversed DNS

I just signed my DNS zone with webmin. Everything went fine, I suppose! ;)

I haven't dealt with this before, so could you please be kind enough to tell me:

  1. There are a lot of new entries in the .zone file, at the bottom, after my initial records. Is this alright?
  2. If I try to check my zone with http://network-tools.com/nslook it doesn't look standard anymore, you can't see that much information anymore and basically the only thing left is information about ns servers. Is this alright?
  3. Is this good in general to use DNSSEC?

My other concern is that it's been almost 24 hours since I set up reversed DNS, and I suppose I have set it up properly, because if I use host 1.2.3.4 it provides me with the proper return. But if I do it from external networks, it's not there. So my 4th question is about reversed DNS:

  1. How much time does it take for reversed DNS to work? Should I set up anything in the firewall, maybe? Or is the default port 53 all you need, as it's DNS, right? Are there other means to check if my reversed DNS record is working properly? Or is having a proper return from the host command already a good sign? Should there be any slave zones? I only have one master zone?

Thanks, Ilia


Comments

There are a lot of new entries in the .zone file, at the bottom, after my initial records. Is this alright?

It's normal to have a lot of new data in the zone file.

If I try to check my zone with http://network-tools.com/nslook it doesn't look standard anymore, you can't see that much information anymore and basically the only thing left is information about ns servers. Is this alright?

I'm not familiar with the network-tools.com site... my primary concern would be to make sure that DNS lookups for your domains were still working. If they are, everything should be okay.

Is this good in general to use DNSSEC?

It's not good or bad, it's personal preference :-)

How much time does it take for reversed DNS to work?

Normally, reverse DNS is set up by your provider, and not on your server. How long it takes them to set that up can vary. However, if it's not working properly, that may mean you need to work with your provider regarding that.

Submitted by Ilia on Sat, 05/25/2013 - 16:08

If you take a look at the zone check on a regular DNS zone, without DNSSEC, then this is what you see:

Result of http://network-tools.com/default.asp?prog=dnsrec&host=virtualmin.com

Retrieving DNS records for virtualmin.com...
DNS servers
ns1.virtualmin.com [108.60.199.116]
ns2.virtualmin.com [108.60.199.116]

Answer records
virtualmin.com SOA
server: ns.virtualmin.com
email: root@ns.virtualmin.com
serial: 1316044220
refresh: 10800
retry: 3600
expire: 604800
minimum ttl: 38400
38400s
virtualmin.com A 108.60.199.107 38400s
virtualmin.com TXT v=spf1 a mx a:virtualmin.com ip4:70.86.4.226 ?all 38400s
virtualmin.com MX
preference: 5
exchange: mail.virtualmin.com
38400s
virtualmin.com NS ns.cloud.virtualmin.com 38400s
virtualmin.com NS ns2.cloud.virtualmin.com 38400s

Authority records

Additional records
mail.virtualmin.com A 108.60.199.107 38400s
ns.cloud.virtualmin.com A 108.60.199.108 1662s
ns2.cloud.virtualmin.com A 108.60.199.116 1662s

All I have now after applying DNSSEC is:

Answer records
domain.ru 48 [168 bytes] 14400s
domain.ru 48 [168 bytes] 14400s

Everything is working fine still though!?
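
The `48` in the output above is the numeric RR type for DNSKEY, which that lookup tool prints undecoded; a signed zone typically publishes two of them, a zone-signing key and a key-signing key. As an added example (not part of the original thread), this Python sketch decodes DNSKEY RDATA into its role, algorithm and key tag. The RDATA bytes are constructed samples, not the poster's keys.

```python
import struct

# RR type numbers introduced by DNSSEC (RFC 4034, RFC 5155).
DNSSEC_TYPES = {43: "DS", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY",
                50: "NSEC3", 51: "NSEC3PARAM"}

def key_tag(rdata: bytes) -> int:
    """Key tag over the full DNSKEY RDATA (RFC 4034, Appendix B)."""
    if rdata[3] == 1:
        # Algorithm 1 (RSA/MD5): top 16 of the low 24 bits of the modulus.
        return int.from_bytes(rdata[-3:-1], "big")
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(rdata: bytes) -> dict:
    """Split DNSKEY RDATA into flags, protocol, algorithm and public key."""
    if len(rdata) < 5:
        raise ValueError("DNSKEY RDATA needs a 4-byte header plus key material")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    zone_key = bool(flags & 0x0100)   # Zone Key bit
    sep = bool(flags & 0x0001)        # Secure Entry Point bit
    if not zone_key:
        role = "not a zone key"
    else:
        role = "KSK" if sep else "ZSK"
    return {"flags": flags, "role": role, "algorithm": algorithm,
            "key_bytes": len(rdata) - 4, "key_tag": key_tag(rdata)}

def describe(rtype: int, rdata: bytes) -> str:
    """Render what a tool that prints 'name 48 [N bytes]' leaves undecoded."""
    name = DNSSEC_TYPES.get(rtype, f"TYPE{rtype}")
    if name != "DNSKEY":
        return f"{name} [{len(rdata)} bytes]"
    k = parse_dnskey(rdata)
    return (f"DNSKEY {k['flags']} 3 {k['algorithm']} "
            f"({k['role']}, key tag {k['key_tag']})")

# Constructed sample RDATA (4-byte toy keys, not real key material).
SAMPLE_ZSK = bytes.fromhex("01000308" "01020304")
SAMPLE_KSK = bytes.fromhex("01010308" "0a0b0c0d")

if __name__ == "__main__":
    for rdata in (SAMPLE_ZSK, SAMPLE_KSK):
        print(describe(48, rdata))
```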