mkrdns - Man Page

MaKe Reverse DNS (auto generate PTR maps)


mkrdns [options] [configuration file]


mkrdns is a program designed to auto-generate reverse DNS maps (IN PTR records).  Some programs already accompany the BIND source package that will do this kind of thing on a single domain or network basis. mkrdns will read either a named.boot or named.conf file, figure out which domains and networks to deal with, and then generate the reverse maps.

You are deemed "in charge" of a network/domain if you are the primary DNS for a reverse zone, or if you are either the primary or secondary for a forward zone.  The exception to this rule is that the 127.* network is not auto-generated due to the "1 IN PTR localhost." issue.


-debug           Print debugging information.  (this will

print a LOT of information, be warned.)

-extension <ext> Append the given extension to the output

files.  This is useful if you want to
                have the reverse maps generated, but want
                to check their contents before use.

-help            The help screen.

-quiet           Turn off warning messages (multiple A

records -> IP, etc.)  Good for scripts,
                but you probably want to check on what
                the warnings report.

-rootdir <path>  Specify the path to the root directory

that named will be running in.  This
                will handle anyone using a chrooted
                environment for named.  Everything except
                the configuration file is assumed to be
                under the new root.

-version         Show mkrdns version information.

Configuration File

mkrdns reads the standard BIND configuration files named.boot and named.conf.  If you don't specify the full path to the file on the command line, mkrdns assumes that one (or both) will exist in /etc and will search for them.  If none are found, the program exits.  If one is found, it is used.  If both are found, named.conf is used.


Think of directives as configuration options for mkrdns which are simply comments to BIND.  The current directives are map, serialt, skip, and skipzone.

Map allows you to map hosts to another network.  This was designed in for the purpose of handling DNS for a subnet of a class C network which you do not control.  (See the DNS & BIND O'Reilly and Associates book, 3rd Ed., pg. 215-218) Assume that you have (ie: you have the 32 IPs from to ...)  You want to do reverse mappings for those IPs, but you don't control How do you do it?  The solution is to become the master for another zone (such as or, and CNAME the correct reverse pointers to the ones you're in charge of. The format for the directive is:
  map <network/mask> <new network>

Ex: map

This maps all hosts between and to to

Serialt will change mkrdns's behavior with the serial number for certain zones. By default, the serial number is assumed to be in date format (YYYYMMDDVV, year/month/day/version).  However, you can tell mkrdns to treat the serial number as a regular number instead.  This allows for more than 100 zone changes a day, and has a bit more flexibility depending on the environment.  The format for the directive is: serialt <view> <zone> <format>

<view> specifies which view should be used for the behavior change. If not specified, mkrdns assumes "default".  <zone> is either "default" or the actual zone (ie:  <format> is either "date" or "number".

Ex: serialt internal number

Skip forces mkrdns to ignore certain hosts/IPs via regular expression. The concept is that there are some IN A records that you would like to skip and not create a reverse entry.  Skip allows this. (for instance, "foo IN A" and "mail IN A" both exist, but you want to force foo as the reverse lookup and ignore mail. The following example can do this for you.)  Format:
  skip <regular expression>

Ex: skip ^mail

This will skip any host (or IP) that matches the "^mail" regular expression.  The host is the FQDN, and the IP is before mapping (see above).

Skipzone forces mkrdns to ignore certain zones while processing the named configuration file.  A possible use for this is where you have "" and "", and both of them should have the same host info (ie: and both have the same records.)  You want "" to be the reverse lookup for the IPs used.  So set the zone file setting to the same file (, and then add "skipzone". NOTE:  The skipzone argument must match EXACTLY with the zone name in the config file.  NOTE: You can specify multiple zones in the same "skipzone" statement. (ie: "skipzone")  NOTE2: If you are using views, the zone string must be in the format "view:zone".  If a view isn't given, "default" is assumed.

ignoreslaves tells mkrdns to ignore any forward slave domains in the configuration.  This is useful if, for instance, you are master for both a forward domain and reverse domain (say which go together, but you also have slave domains with hosts in the same reverse zone.

The format of a directive differs (sorry) between named.conf and named.boot.  UNIX-style comments (the hash mark then the comment) are allowed.

named.boot directives

Directives look like a comment, so the format is simply:

     ; mkrdns <directive type> <parameters>

named.conf directives

To make directives more efficient with BIND 8, the format is slightly different:

 /* mkrdns
    <directive type> <parameters>


mkrdns -e new /etc/named.boot

This will run mkrdns over the file /etc/named.boot.  Output files will be generated as <name>.new (i.e.: if the PTR zone file is called, the output will be


I tend to use this script like a lint check.  i.e.: Edit the proper zone files, then run mkrdns.

As with most documentation, there are probably things that aren't mentioned in the docs that the script does/assumes/etc.  I apologize for any inaccuracies/omissions.  Let me know if there are any parts that have an "issue", and I'll see if I can't straighten it out.


The <network>.zone reverse map files must already be created, be uniquely specified in the configuration file, and have the appropriate information (SOA/NS records, etc.) in there.  This script will strip out any PTR records, and then add them back in.  (This means anything like blank lines and comments will be moved to the top of the file.) $ORIGIN and $INCLUDE are striped as of mkrdns 1.3.

You must be at least a secondary for all domains which reference IP networks for which you're responsible.  There is no means (currently at least) to specify a PTR record for a non-existent A record, so this script must have access to all A records that need to be "reversed".

If you have more than 1 A record pointing to a specific IP, you can't have both be the PTR record.  This script takes the first A record it sees as the one used for the PTR record.  A warning is printed for any additional entries.  (While the RFCs don't prohibit multiple PTR records for the same IP, I have yet to find anyone who can give me a good reason to do it.)

Map serial numbers default to be in YYYYMMDDVV format.  (YYYY = year, MM = month, DD = day, VV = version (00-99).  This script will convert your serial number to this format if it's not already.  I don't have too many daily DNS changes, so the action for not being able to update the serial number (ie: VV is at 99 and can't be increased) is to simply exit. If this is going to cause a problem for you, you can use the serialt directive to specify a zone (or the default) should treat the serial number as a number instead of using the date format.  Either way, a problem will come up when the serial number reaches 4294967295 (max value), but that's another story.  (mkrdns will print a warning if this is about to happen)


Theo Van Dinter <>


2024-01-25 perl v5.38.2 User Contributed Perl Documentation