Determining an IP Address’ Authoritative Nameserver for PTR Records

An authoritative nameserver is a DNS (Domain Name System) server that contains the original source of information for a particular domain name. This server is considered as the ultimate or official source of DNS information for the domain and is responsible for providing the correct IP address or other DNS record information associated with the domain. When a DNS query is made for a domain name, the authoritative nameserver for that domain is queried to obtain the corresponding DNS information.

To determine what the current authoritative nameserver is, you’ll first need to understand how a standard PTR zone for an IP block will appear.

The zone will be formatted with the first three octets (an octet being one ‘section’ of the typical, 4-piece IP address) of the IP address, reversed, then followed by in-addr.arpa. Let’s look at some examples.

Server’s IP Address: 57.256.58.21

Associated PTR Zone: 58.256.57.in-addr.arpa

Server’s IP Address: 204.11.256.40

Associated PTR Zone: 256.11.204.in-addr.arpa

So what this establishes is that there will be a separate reverse DNS/PTR zone for each block of IP addresses (typically /24, or 255.255.255.0, for anyone familiar with subnet masks).

Within these zones, the individual PTR records are entered per individual IP address as simply the last, missing octet. So for the first example, a PTR record would be created in the corresponding 58.256.57.in-addr.arpa zone with just “30”, and of course the hostname that it needs to resolve to. The second example would add “21”, and so on.

Knowing how these zones are formatted, one way to determine the authoritative nameservers for an IP address is to use the dig command-line utility. If this is not installed already, you can do so on the cPanel server via yum by running:

yum -y install bind-utils

To install Dig on Debian or Ubuntu:

sudo apt-get install dnsutils

To find these nameservers using dig, you would run a command like the following:

dig +nssearch 125.74.208.in-addr.arpa

Which might give you results that look something like the following:

SOA c.cpanel.net. dns.cpanel.net. 2020080500 28808 7200 3600000 86400 from server 208.74.121.52 in 42 ms.
SOA c.cpanel.net. dns.cpanel.net. 2020080500 28808 7200 3600000 86400 from server 208.74.123.178 in 43 ms.
SOA c.cpanel.net. dns.cpanel.net. 2020080500 28808 7200 3600000 86400 from server 208.74.121.57 in 43 ms.

This tells us that the servers 208.74.121.52, 208.74.125.58 and 208.74.121.57 are authoritative for those IPs.

So if you have an IP address, remember to reverse the first 3 octets of the IP address you’d like to query.

Leave a Comment