Multiple Domain Names/ One IP Address

Phil Howard phil-bind at ipal.net
Tue Oct 12 13:50:38 UTC 1999


Martin McCormick writes:

> Barry Margolin writes:
> >Yes.  Just create different A records that all have the same IP address, or
> >use CNAME records if possible.  Pick one of the A records and use it in the
> >corresponding PTR record (multiple PTR records are legal, but I generally
> >don't recommend them).
> 
> 	This brings up a point which I am not clear about.  Exactly
> what happens when there are multiple PTR records?  We have several
> redundant A records at our site and I usually remove all but one of
> the corresponding PTR records.  Does the reverse lookup just get all
> of them the way it can for MX records that point to a score of mail
> servers?

They do all come through, within the constraints of size.  What the program
that queried for them does is another issue.  I've had problems with some
servers that did a reverse lookup, and used only one name.  Instead of doing
a forward lookup with that name (it would have given the correct IP) they
instead matched the name with something (often failing) like a list of
authorized hosts.  The Typhoon news server comes to mind as one of the
sources of this problem.

IMHO, the ideal is to take all PTR results and forward lookup each, and
among those that have any IP matching the connection, consider them valid
and proceed with whatever other authentication might be needed.  But there
may be reasons not to do this, too, such as that being a lot of work to do
which slows things down, not many PTRs can be delivered since the results
are potentially long strings, and you may incur the wrath of the standards
purists.

I do give different domain names for different functional roles.  If one
machine has many roles (happens more often than I'd like) then those names
obviously get an A record to that machine.  I do try to also make sure a
PTR list for that machine reflects all the names I have given to it.  But
it can be a problem with a big list, so I generally try to keep it limited
to what might be essential.

-- 
Phil Howard | phil at ipal dot net
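
The check proposed above (forward-confirm every PTR name and accept those that resolve back to the connecting address), next to the first-name-only matching it criticises. This is an added example, not part of the original post: the names, addresses, allow list, `max_ptrs` cap and function names are constructed assumptions, and the two lookup functions are stubs over inline data so it runs offline.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (documentation-range IPs).
PTR = {
    "192.0.2.10": ["www.example.net.", "News.Example.Net.", "mail.example.net."],
    "192.0.2.20": ["old.example.net."],        # PTR with no A record behind it
    "198.51.100.7": ["news.example.net."],     # PTR whose A record points elsewhere
}
A = {
    "www.example.net": ["192.0.2.10"],
    "news.example.net": ["192.0.2.10"],
    "mail.example.net": ["192.0.2.10", "192.0.2.11"],
}
ALLOWED = {"news.example.net"}                 # hypothetical list of authorized hosts

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def ptr_lookup(ip):                            # stub for a PTR query
    return PTR.get(ip, [])

def addr_lookup(name):                         # stub for an A/AAAA query
    return A.get(norm(name), [])

def first_ptr_only(peer_ip):
    """The behaviour complained about: trust one PTR name, no forward lookup."""
    names = ptr_lookup(peer_ip)
    return bool(names) and norm(names[0]) in ALLOWED

def confirmed_names(peer_ip, max_ptrs=8):
    """All PTR names whose forward lookup includes the connecting address."""
    peer = ipaddress.ip_address(peer_ip)
    valid = []
    for name in ptr_lookup(peer_ip)[:max_ptrs]:    # assumed cap on work per connection
        addrs = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if peer in addrs and norm(name) not in valid:
            valid.append(norm(name))
    return valid

def authorized(peer_ip):
    return any(n in ALLOWED for n in confirmed_names(peer_ip))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, first_ptr_only(ip), confirmed_names(ip), authorized(ip))
```

With a real resolver behind `ptr_lookup` and `addr_lookup`, the cap bounds the extra forward queries per connection, which is the cost concern raised in the post.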

