diff --git a/howto/new-machine.md b/howto/new-machine.md index 70b354ea026019a8d3ffbc0010ac1c26393f31f6..63592bf2efb4ad9cf25397b6e756e58777c68814 100644 --- a/howto/new-machine.md +++ b/howto/new-machine.md 
@@ -83,8 +83,46 @@ taken by the installer: ... where `$SUBNET` is the (known) subnet from the upstream provider and `$MAC` is the MAC address as found in `ip link show up`. + + 4. ensure reverse DNS is set for the machine. this can be done either + in the upstream configuration dashboard (e.g. Hetzner) or in our + zone files, in the `dns/domains.git` repository. + + Pro tip: `dig -x` will show you an SOA record pointing at the + authoritative DNS server for the relevant zone, and will even show + you the right record to create. Since IPv6 records are + particularly painful to create, you should use this all the time. + + For example, the IP addresses of `chi-node-01` are `38.229.82.104` + and `2604:8800:5000:82:baca:3aff:fe5d:8774`, so the records to + create are: + + $ dig -x 2604:8800:5000:82:baca:3aff:fe5d:8774 38.229.82.104 + [...] + ;; QUESTION SECTION: + ;4.7.7.8.d.5.e.f.f.f.a.3.a.c.a.b.2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa. IN PTR + + ;; AUTHORITY SECTION: + 2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa. 3552 IN SOA nevii.torproject.org. hostmaster.torproject.org. 2021020201 10800 3600 1814400 3601 + + [...] + + ;; QUESTION SECTION: + ;104.82.229.38.in-addr.arpa. IN PTR + + ;; AUTHORITY SECTION: + 82.229.38.in-addr.arpa. 2991 IN SOA ns1.cymru.com. noc.cymru.com. 2020110201 21600 3600 604800 7200 + + [...] + + In this case, you should add this record to + `82.229.38.in-addr.arpa.`: + + 104.82.229.38.in-addr.arpa. IN PTR chi-node-01.torproject.org. + + And this to `2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa.`: - Make sure reverse DNS is correct as well. + 4.7.7.8.d.5.e.f.f.f.a.3.a.c.a.b.2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa. IN PTR chi-node-01.torproject.org. 4. the machine has a short hostname (e.g. `test`) which resolves to a fully qualified domain name (e.g. `test.torproject.org`) in the
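Review bot: In the worked example for the new step 4, the two zones have different authorities and the text does not say where each record is actually created. The quoted SOA for `82.229.38.in-addr.arpa.` names `ns1.cymru.com. noc.cymru.com.`, while the one for `2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa.` names `nevii.torproject.org.`, yet both are introduced with the same "you should add this record to" wording. Suggest stating next to each record whether it goes in `dns/domains.git` or has to be requested from the upstream provider, since that is the decision the "Pro tip" says the SOA is there to inform. The step would also benefit from a closing check: re-run `dig -x` on both addresses after the change and confirm the answer is `chi-node-01.torproject.org.`, so a typo in the long nibble-format name is caught before the machine is handed over. Two smaller points: the new item is numbered `4.` and the unchanged item after it ("the machine has a short hostname") is also `4.`, so the list should be renumbered, and "this can be done either" should start with a capital.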