Missing ARPA DNS records - so no reverse DNS

I recently decided to migrate my VDSL broadband from A&A to Zen Internet for reasons that are not important here.

I run my own SMTP server that handles mail for a number of domains, and manage my own DNS, so as the changeover date (Friday 6 May) approached I shortened the TTLs for the relevant DNS records but I found that the reverse DNS settings for the new Zen provision weren't available. So three days before this I opened a support ticket outlining my assumption and asking if the reverse DNS for the allocated IP address (I had already asked for this) could have the reverse DNS set accordingly.

I had guessed that the changeover would occur in the small hours and I was right: just after midnight on Thursday, the old connection went down and I swapped in the new Fritz box supplied by Zen. It uses TR-069 configuration: this occurred within a few minutes and... voila! Up and running, and slightly faster than the old line. So the DNS was changed accordingly and shortly thereafter DNS propagation tools were showing the new IP address around the world - result!

However...

The reverse DNS setting didn't become available on the Zen Portal until some hours later, when (presumably) there was some sort of manual procedure in relation to the new account. I set the RDNS and retired for some well-deserved rest. Waking up some hours later, I checked, and the RDNS was still not showing online. Hmmm. Strange. ARPA records usually have a short TTL, usually 3600 (1 hour).

Friday became Saturday. Still no RDNS, and mail was backing up - most MTAs are set to refuse mail when the RDNS doesn't match the sending host name. It was by now over 24 hours since the RDNS record was set, and ARPA zone files mostly have a TTL of 86400 (1 day), so it was time to do a few checks.

And found...

My new IP address is on the 51.155.0.0/16 network owned by Zen. But they only have ARPA records, which refer RDNS lookups to their own authoritative name servers, for (most of) 51.155.0.0 to 51.155.195.0, and there are none whatsoever for 51.155.196.0 to 51.155.255.0, and my own static IP is well into that range. I did the look-up on ns0.zen.co.uk and on ns1.zen.co.uk, and sure enough, back came my RDNS as set on the Portal. So no RDNS lookups relating to thousands of Zen IP addresses for the rest of the Internet, although in fairness the vast majority will not be in use. Calculating and making a reasonable guess from the allocation of my own IP address, there are about a thousand affected customers, although the vast majority just don't know it.

Long story short, I can only process mail on my mail server that's addressed to domains that use Zen's DNS, and nothing can be delivered by my MTA to the rest of the Internet. Worse, Zen don't have anyone available to sort the missing ARPA NS records until Monday morning - they don't work at the weekends!! By that time, lots of mail will have been returned to sender as "undeliverable"... I could of course adjust the Exim config to retry for longer, but instead I'm posting this and sending an explanation to everyone affected as to why this is happening.

I'm not a happy teddy, and so far Zen have not distinguished themselves as a competent ISP. I'll update this when mail is flowing again.

Edited by deleted (Sat 07-May-22 18:06:51)

In reply to a post by GraceCourt:

... there are none whatsoever for 51.155.196.0 to 51.155.255.0, and my own static IP is well into that range.

Addendum - the affected IP address range is slightly larger than stated above, there are ARPA NS records for most of the 51.155.0.0/24 sub-nets up to:

192.155.51.in-addr.arpa

Then...

193.155.51.in-addr.arpa
194.155.51.in-addr.arpa

... are missing (perhaps the relevant IP addresses are unused?), the next one is:

195.155.51.in-addr.arpa

And that's it, other than the ones on Zen's name servers. My guess is that whoever is supposed to be keeping an eye on the propagation of DNS zone files is off sick!

Edited by deleted (Sun 08-May-22 16:01:37)

I'm in a similar situation as you - although not with Zen.

I was choosing between Zen and Giganet (on FTTP Cityfibre) and Giganet just won out (their pre-sales support was so much better than Zen who gave me a bad feeling)..

So off I went with Giganet. I thought I was very thorough with my technical Q's prior to signing up - but not as thorough as I should have been as when it went live and I went to setup the RDNS - there was no way to do it. No problem I though, I'd email support and they could do it (as several other ISP's have done in the past).

The response I got was "RDNS is not available for residential/consumer connections"... Oh....

Luckily I have other options, I thought about using the A&A L2TP static IP/blocks but decided in the end that it was an additional expense I couldn't justify (yet). So I settled in the end to relay my outgoing mail through one (or two) of my several cheap VPS packages I have had for many years (where I can specify the RDNS as one would expect).

Good luck - let us know if/when Zen resolve this! Other than the RDNS issue I have been quite happy with Giganet so far but after 12m who knows what else will be available and perhaps more suitable for my (somewhat unusual) needs!

If you need an emergency (free) outgoing relay to get stuff flowing again (assuming its not millions of messages a day/going to get my servers blacklisted!!) I may be able to help with that (Although if you have DKIM for multiple domains it might fall into the too much hassle bracket!)

Regards,
Phil

What you are trying to accomplish is far too complicated for Zen broadband department to handle. For those sort of requirements you should have remained with AAISP.

In reply to a post by philg:

If you need an emergency (free) outgoing relay to get stuff flowing again (assuming its not millions of messages a day/going to get my servers blacklisted!!) I may be able to help with that (Although if you have DKIM for multiple domains it might fall into the too much hassle bracket!)

Very many thanks for the free mail server offer. I've got the benefit of having a multiple-domain Siteground account, and I've added my primary mail domain there with their mail server IPs listed on my DNS with lower priority so that it's a back-up mail receiver, so I'm using their Web mail service for the odd message that I need to send out from that domain.

The biggest hassle is that I use the primary mail server as a "Relay" server for a select few to message the 1,300+ members of an association that I support - think "dedicated simple Mailman lookalike" - and I can't replicate that easily. However, hopefully Zen will resolve the zone file problem tomorrow morning and it should begin propagating around the Internet thereafter.

But thank you, Phil, the offer is appreciated.

PS - I was fortunate enough to make a modest donation to DynDNS when it was run by enthusiasts... I say "fortunate" because when it was bought over as a commercial concern, previous donors were given free DNS service indefinitely - it's a real boon and was the best "investment" I ever made. It certainly made my migration a lot easier to be able to adjust my DNS records so flexibly.

In reply to a post by Pipexer:

For those sort of requirements you should have remained with AAISP.

I'd rather be with an ISP that doesn't deliberately cut off a long-standing customer's broadband and VOIP telephony without any warning (no, there weren't any outstanding invoices!) and then send an e-mail with a request to contact them to a mail server that's on the network it has just disconnected!

Yes, that's why I left AAISP. It's just as well I wasn't paying them for business continuity facilities.

ARPA record added by Zen for my IP range - RDNS now correct from Google and Cloudflare nameservers... just waiting for this to propagate around the Internet...

Sounds like you need to post about this experience in AAISP forum

Was it by chance in response to some sort of suspected DOS/DDOS attack?

In reply to a post by Pipexer:

Sounds like you need to post about this experience in AAISP forum

Was it by chance in response to some sort of suspected DOS/DDOS attack?

No, the company that was listed as the customer was due to be dissolved the following week, and the Direct Debit from which invoices were paid had been changed the previous month in order to prevent there being any risk of what happened, happening. But apparently they had been told direct by Companies House of the timetable for dissolution and, before we had a chance to notify the change, they cut off the broadband and VOIP telephony completely.

Worse, they told us that immediate disconnection is "company policy", and that they'd only e-mailed us (after the disconnection!) because we still seemed to be using the account. Obviously, we gave them feedback that - bearing in mind that there was still a week to go - it was the most utterly stupid company policy on Earth for a communications provider. Like I said in a previous post, we'd previously considered a business continuity arrangement with them using an alternative technology at additional cost, but that would have been disconnected as well!

Edited by deleted (Mon 09-May-22 18:42:16)

In reply to a post by GraceCourt:

ARPA record added by Zen for my IP range - RDNS now correct from Google and Cloudflare nameservers... just waiting for this to propagate around the Internet...

You would have thought they might check the setup or any processes they have when new blocks of addresses are brought into use. Following a recent migration to Zen I'm having the same issue with my address, also in the range 51.155.196.0 - 51.155.255.255, but I suspect with a differing third octet to yours.

Despite providing the nslookup results showing the SOA records are missing for the /24 block in question the first response I've had is to set my rDNS through the portal, which is not the issue. I've explained it again, waiting to see what happens next....