a bit of theory about PTR records requested

Gregg Rosenberg gregg at ricis.com
Wed Mar 29 14:54:21 UTC 2000


If we are talking external address space, any address not actually being 
used for accessing a machine on the inside, or any address used for NAT, is 
given a generic name.  You definitely must have an external reverse for 
authentication.

Here you could try a wildcard PTR, although I don't like that method.  My 
preference is to set up generic names that can be easily script- or 
spreadsheet-generated for both the forward and reverse.

Forward:
host-64-4-192-1 IN      A       64.4.192.1
host-64-4-192-2 IN      A       64.4.192.2
host-64-4-192-3 IN      A       64.4.192.3

Reverse:
1.192.4.64.in-addr.arpa.        IN      PTR     host-64-4-192-1.
2.192.4.64.in-addr.arpa.        IN      PTR     host-64-4-192-2.
3.192.4.64.in-addr.arpa.        IN      PTR     host-64-4-192-3.

You can make the names as simple or complex as you like.


At 08:26 AM 03/29/2000, Martijn van Katwijk wrote:
>At 15:44 29-3-00, Gregg Rosenberg wrote:
>>With the address range you are showing, I will assume that we are looking 
>>at an internal DNS for address space behind your firewall.
>
>No, I'm sorry, it was meant to be an example. Wrong example...
>
>I'm deleting a lot of PTR records now (one PTR per IP), so I'm happy. I 
>know what to do.
>
>Thanks!
>
>
>>There are slight performance advantages to setting up reverses.  If your 
>>users are not connecting to any services on the inside that require 
>>reverse authentication it likely does not matter.  I personally consider 
>>it a good practice to do.  Depending on your environment there are 
>>different ways to approach this.  If you are running a DHCP server with 
>>statically assigned leases, you can dump your DHCP table into Excel (or 
>>some other favorite spreadsheet tool) and use a macro to make the reverse 
>>file.  You could write a script to convert your forward into a reverse 
>>and run it each time you make a change.  (One may exist on the net, 
>>although I don't personally know of it.)  The other option might be to 
>>consider using dynamic DNS with DHCP.  This is still a bit new and likely 
>>will require patience and testing.  I hope these ideas are helpful.
>>
>>At 03:33 AM 03/29/2000, Martijn van Katwijk wrote:
>>>Hi,
>>>
>>>I also have zones like this:
>>>domain.com.     IN      A       192.168.1.60
>>>www             IN      CNAME   domain.com.
>>>
>>>In fact I have quite a lot of these, all pointing to a single virtual 
>>>name based webserver with only a few IP nrs assigned to it.
>>>So I have a lot of A records to a single IP nr.
>>>
>>>Do I have to configure a PTR for each A record? Or is that meaningless.
>>>
>>>Thanks,
>>>Martijn
>>
>>--
>>Gregg Rosenberg -- N9NNO
>>RICIS, Inc.
>>gregg at ricis.com
>>
>>"Obstacles are those frightful things you see when you
>>take your eyes off your goals."  Author unknown
>>
>>
>
>
>Martijn van Katwijk
>__________________________________________
>AAA on Internet
>http://www.aaa.nl/
>info at aaa.nl
>+31 342 418225 (Tel)
>+31 342 423568 (Fax)
>
>
>http://www.uwnaamhier.nl?
>http://Registreer.uwDomein.nu!
>
>
>

--
Gregg Rosenberg -- N9NNO
RICIS, Inc.
gregg at ricis.com

"Obstacles are those frightful things you see when you
take your eyes off your goals."  Author unknown
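
An added example, not part of the original message, of the scripted generation described above: it builds forward A records with the generic naming scheme, derives one PTR per address from them, and checks that every PTR target has an A record back to the same address. The domain `example.com.`, the function names and the sample range are assumptions.

```python
import ipaddress

DOMAIN = "example.com."  # placeholder domain (assumption, not from the post)

def generic_name(ip):
    """64.4.192.1 -> host-64-4-192-1, the naming scheme shown in the post."""
    return "host-" + str(ip).replace(".", "-")

def forward_records(network, domain=DOMAIN):
    """Fully qualified A records for every host address in the network."""
    return [f"{generic_name(ip)}.{domain}\tIN\tA\t{ip}"
            for ip in ipaddress.ip_network(network).hosts()]

def parse_a(lines):
    """Yield (name, address) for A records; CNAMEs and other lines are skipped."""
    for line in lines:
        f = line.split()
        if len(f) == 4 and f[1:3] == ["IN", "A"]:
            yield f[0], ipaddress.ip_address(f[3])

def forward_to_reverse(forward_lines):
    """One PTR per address: the first A record seen for an address wins."""
    ptrs = {}
    for name, ip in parse_a(forward_lines):
        ptrs.setdefault(ip, name)
    return [f"{ip.reverse_pointer}.\tIN\tPTR\t{name}"
            for ip, name in sorted(ptrs.items())]

def unconfirmed(forward_lines, reverse_lines):
    """PTR records whose target has no A record back to the same address."""
    a_set = set(parse_a(forward_lines))
    bad = []
    for line in reverse_lines:
        owner, _, _, target = line.split()
        octets = owner.split(".in-addr.arpa")[0].split(".")
        ip = ipaddress.ip_address(".".join(reversed(octets)))
        if (target, ip) not in a_set:
            bad.append(line)
    return bad

if __name__ == "__main__":
    fwd = forward_records("64.4.192.0/30")          # constructed sample range
    fwd.append(f"www.{DOMAIN}\tIN\tA\t64.4.192.1")  # second name, same address
    rev = forward_to_reverse(fwd)
    print("\n".join(fwd + rev))
    print("unconfirmed:", unconfirmed(fwd, rev))
```

Running `unconfirmed` after each zone change catches stale PTR records before a service that checks the reverse against the forward rejects the host.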



