Reverse lookups

Tim Maestas tmaestas at dnsconsultants.com
Sat Dec 9 20:06:47 UTC 2000




	Typically, clients will not look past the first PTR record
	returned.  While you *can* define multiple PTR records for
	the same address, this is usually useless.

	If you are simply doing web hosting with virtual domains
	it really shouldn't matter what host is returned on a
	reverse lookup.  Usually only security-concerned apps will
	perform a reverse lookup on the incoming IP, and then 
	perform a forward lookup on the resulting hostname to
	attempt to ensure that the IP is not being spoofed.  In any
	case this should not cause you a problem.

-Tim


On Sat, 9 Dec 2000, John Cichy wrote:

> Tim,
> 
> Thanks for your reply.  The RFC helps from my end, but the ISP won't (I don't
> think they know they can or how) perform classless reverse delegation (I
> already asked). They will allow me to send them the hostnames though, but I'm
> wondering, because a hostname is returned, do I really need to do this? If I
> did get them to do the delegation, would I be able to have 4 domains returned
> on the lookup? I thought I read somewhere that most clients only look at the
> first name anyway? I'm not trying to get out of the work, just trying to
> understand why I need to do it.
> 
> Have a great day...
> John
> 
> Tim Maestas wrote:
> 
> >         John, if you want delegation on a smaller than class C boundary,
> >         your ISP will have to perform classless reverse delegation,
> >         described in RFC2317.
> >
> >         When, as in your example, you define the zone
> >         1.168.192.in-addr.arpa, but you don't own the whole class C,
> >         you blind yourself to the rest of the addresses.
> >
> > -Tim
> >
> > On Sat, 9 Dec 2000, John Cichy wrote:
> >
> > >
> > > Hello all,
> > >
> > > This is my first post, please be gentle.
> > >
> > > I need some advice about reverse-lookups. I have 5 static IP addresses
> > > supplied to me by my ISP.  I have bind 2.2p5 setup to resolve my ip's to
> > > the proper hosts on my network. The problem comes in when I try to
> > > reverse lookup, if in named.conf I put:
> > >
> > > zone "1.168.192.in-addr.arpa" IN {
> > >     type master;
> > >     file "db.192.168.1";
> > > };  // example addresses changed purposely
> > >
> > > nslookup returns the proper hostnames for my IP's
> > > (192.168.1.10,192.168.1.11,192.168.1.12,192.168.1.13,192.168.1.14), but
> > > fails on any IP's that are outside of my range (ex 192.168.1.50), this
> > > makes sense because I have not defined this address.
> > >
> > > If I try to use my network number (192.168.1.9) in the zone statement:
> > >
> > > zone "9.1.168.192.in-addr.arpa" IN {
> > >     type master;
> > >     file "db.192.168.1";
> > > };  // example addresses changed purposely
> > >
> > > nslookup  asks my ISP's dns servers to resolve the address, again this
> > > makes sense because if I asked for 192.168.1.10 bind should not use this
> > > zone. My ISP says that they will update their reverse lookup tables if I
> > > send them a hostname for each IP. Sounds great, but here is my concern,
> > > I am running virtual hosts on the ip's. Will it cause problems when
> > > someone has received the IP 192.168.1.10 for virtualhost2.com, but when
> > > reverse lookup is done they get mainhost.com instead? I don't completely
> > > understand what the adverse effects are of a different hostname being
> > > returned on the reverse-lookup.
> > >
> > > BTW: my ISP's dns servers do return a hostname, although not mine, maybe
> > > I should not do anything with reverse-lookup then????
> > >
> > > Thanks in advance and have a great day...
> > > John
> > >
> > >
> > >
> 
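
The reverse-then-forward check described in the reply at the top of this message, as an added Python example that is not part of the original thread. The lookup tables are constructed from the thread's placeholder names and addresses, and `fcrdns`, `demo`, `PTR` and `FWD` are hypothetical names; the default lookups use the system resolver.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver ([] when none exist)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """All A/AAAA addresses for name via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR names whose forward lookup contains ip (empty = unconfirmed)."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):          # check every PTR, not only the first
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    confirmed.append(name.rstrip(".").lower())
                    break
            except ValueError:           # skip anything that is not a plain address
                continue
    return confirmed

# Constructed sample data (placeholder names and addresses from the thread, not real DNS).
PTR = {
    "192.168.1.10": ["mainhost.com"],    # the hostname sent to the ISP
    "192.168.1.50": ["mainhost.com"],    # PTR set by whoever controls that reverse zone
}
FWD = {
    "mainhost.com": ["192.168.1.10"],
    "virtualhost2.com": ["192.168.1.10"],  # virtual host on the same address
}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

192.168.1.10 is confirmed as mainhost.com even though virtualhost2.com shares the address, while 192.168.1.50 is not confirmed because mainhost.com does not resolve back to it.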



