D. J. Bernstein
Internet publication
djbdns

How to set up a reverse DNS wall

Here is how to avoid publishing the names and IP addresses of your computers.

You could simply leave the relevant data out of DNS. Unfortunately, some silly Internet servers look up the computer name for each incoming IP address, and drop connections from any unlisted computer. A reverse DNS wall lets you connect to these servers: it creates an artificial computer name for every IP address.

These instructions assume that you have already installed daemontools and djbdns, and that svscan is already running.

1. As root, create UNIX accounts named Gwalldns and Gdnslog.

2. As root, create an /etc/walldns service directory configured with the IP address of the reverse DNS wall:

     walldns-conf Gwalldns Gdnslog /etc/walldns 1.8.7.205

The IP address must be configured on this computer. The IP address must not have a DNS cache, a DNS server, or any other port-53 service.

3. As root, tell svscan about the new service, and use svstat to check that the service is up:

     ln -s /etc/walldns /service
     sleep 5
     svstat /service/walldns

4. Arrange for the relevant in-addr.arpa names to be delegated to the reverse DNS wall. For example, tell the administrator of 8.1.in-addr.arpa to delegate 7.8.1.in-addr.arpa to the server 205.7.8.1.in-addr.arpa running on IP address 1.8.7.205.
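As an added illustration, not part of djbdns: a small Python model of the generic answers walldns gives (the PTR record for D.C.B.A.in-addr.arpa is that same name, and the A record for that name is A.B.C.D), plus a simulation of the reverse-then-forward check performed by the servers described above, using the 1.8.7.205 address from step 4. The handling of malformed names (non-numeric labels, values above 255, leading zeros) as out-of-zone is an assumption of this model.

```python
SUFFIX = ".in-addr.arpa"

def ptr_name_to_ip(name):
    """Map D.C.B.A.in-addr.arpa to the dotted quad A.B.C.D.
    Returns None for anything that is not a well-formed IPv4 reverse name
    (assumption: such names get no answer from the wall)."""
    name = name.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        return None
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    for label in labels:
        if not label.isdigit() or int(label) > 255:
            return None
        if len(label) > 1 and label[0] == "0":   # leading zeros treated as malformed
            return None
    return ".".join(reversed(labels))

def ip_to_ptr_name(ip):
    """Build the in-addr.arpa name a resolver queries for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + SUFFIX

def wall_answer(qname, qtype):
    """Generic answer of the reverse DNS wall: no real host information leaks,
    because the artificial host name is just the reverse name itself."""
    ip = ptr_name_to_ip(qname)
    if ip is None:
        return None
    if qtype == "PTR":
        return qname.rstrip(".").lower()
    if qtype == "A":
        return ip
    return None

def forward_confirmed(ip):
    """Simulate a server that looks up the client's name and then requires
    that name to resolve back to the client's address."""
    hostname = wall_answer(ip_to_ptr_name(ip), "PTR")
    if hostname is None:
        return False
    return wall_answer(hostname, "A") == ip

if __name__ == "__main__":
    print(wall_answer("205.7.8.1.in-addr.arpa", "PTR"))   # 205.7.8.1.in-addr.arpa
    print(wall_answer("205.7.8.1.in-addr.arpa", "A"))     # 1.8.7.205
    print(forward_confirmed("1.8.7.205"))                 # True
```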