reverse dns problems

Barry Margolin barmar at genuity.net
Mon Aug 6 20:13:43 UTC 2001


In article <9kma5s$6ck at pub3.rc.vix.com>,
Jonathan de Boyne Pollard  <J.deBoynePollard at tesco.net> wrote:
>
>MK> And how would you go about resolving names in the 208.21.15.0/25
>MK> network, when your server is set as authoritative for reverse DNS on
>MK> 208.21.15.128/25 and in effect all of 208.21.15/24?
>
>WY> On a theoretical level, this is probably a Bad Thing, [...]
>
>On a practical level, if one follows the recommendation in the _DNS & BIND_
>book (as I said, the page number that I remember is 321, or somewhere
>thereabouts), the supposed difficulty simply doesn't exist.

It's not a good idea to configure a server as SOA for a higher level in the
hierarchy than has been delegated to you.  When your server responds to a
query for 128.15.21.208.in-addr.arpa, it will include the NS records for
15.21.208.in-addr.arpa in its response, and many versions of BIND will
cache these NS records in place of the ones that pointed to the ISP's
servers.  Once this happens, that server will no longer be able to resolve
addresses in the other subnets of the class C.  Recent versions of BIND
have fixed this bug, but there are still plenty of sites running older
versions that are susceptible to this type of cache poisoning.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
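An added toy simulation of the cache replacement Barry describes (not part of his message, and not BIND's code): a resolver already holding the ISP's delegation for 15.21.208.in-addr.arpa accepts a response from the customer's server whose AUTHORITY section names that server as NS for the whole /24. The server names, host names and the RFC 2317-style delegation name "128-25.15.21.208.in-addr.arpa" are constructed, and the bailiwick filter used for the "fixed" resolver is an assumed mitigation model, not a description of the actual BIND fix.

```python
# Toy resolver cache: the customer's authority-section NS RRset displaces the ISP's
# delegation for 15.21.208.in-addr.arpa (old behaviour); a bailiwick filter (assumed
# mitigation, not BIND's code) keeps it. All names below are constructed.

PARENT = "15.21.208.in-addr.arpa."        # the ISP's /24 reverse zone
CUSTOMER_ZONE = "128-25." + PARENT         # assumed delegation for 208.21.15.128/25
ISP_NS = "ns1.isp.example."
CUST_NS = "ns1.customer.example."

# Zone data each server actually holds (constructed); the customer has only its /25.
SERVERS = {
    ISP_NS:  {("1." + PARENT, "PTR"): "host1.isp.example."},
    CUST_NS: {("129." + CUSTOMER_ZONE, "PTR"): "host129.customer.example."},
}

def in_bailiwick(name, zone):
    """True if name is at or below zone (absolute names with trailing dot)."""
    return name == zone or name.endswith("." + zone)

class Cache:
    def __init__(self, bailiwick_check):
        self.check = bailiwick_check
        # Delegation learned from the parent of the /24: the ISP's server is the NS.
        self.rrsets = {(PARENT, "NS"): {ISP_NS}}

    def learn(self, server_zone, records):
        """Cache RRs from a response of the server delegated server_zone."""
        for name, rtype, rdata in records:
            if self.check and not in_bailiwick(name, server_zone):
                continue  # NS for a zone above the delegation point: ignore it
            self.rrsets[(name, rtype)] = {rdata}  # RRset replacement drops old data

    def ns_for(self, zone):
        return self.rrsets[(zone, "NS")]

def simulate(bailiwick_check):
    """Return (server asked, result) for 1.15.21.208.in-addr.arpa after poisoning."""
    cache = Cache(bailiwick_check)
    # 1. PTR answer from the customer's server for its own /25. Because that server is
    #    also SOA for the whole /24, its AUTHORITY section lists itself as NS for PARENT.
    ptr_name = "129." + CUSTOMER_ZONE
    cache.learn(CUSTOMER_ZONE, [
        (ptr_name, "PTR", SERVERS[CUST_NS][(ptr_name, "PTR")]),
        (PARENT, "NS", CUST_NS),
    ])
    # 2. A later lookup in the other /25 goes to whichever NS the cache holds for the /24.
    server = next(iter(cache.ns_for(PARENT)))
    return server, SERVERS[server].get(("1." + PARENT, "PTR"), "NXDOMAIN")
```

With the check off, simulate(False) sends the second query to the customer's server, which cannot answer for the other /25; with it on, the ISP's delegation survives.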
