Multiple PTRs to single A record

Jim D. Kirby jdkirby at bluebunny.com
Thu Jun 28 16:31:36 UTC 2001


I was given some suspect advice recently about router management.  I was
told that some network management systems require that all IP addresses on a
router resolve to a single name.  I've been thinking long and hard about
this for a couple of days and I think I've thunk myself into circular
reasoning and I can't see straight anymore.  Here's what I think it means:

in the forward zone we want:

router-primary        IN A    10.0.0.1
router-if1            IN A    10.0.10.1
router-if2            IN A    10.0.20.1
etc...

And in the reverse zone we have (owner names written out in in-addr.arpa
form; the PTR target has to be fully qualified or the reverse zone's origin
gets appended to it):

1.0.0.10.in-addr.arpa.    IN PTR   router-primary.example.com.   ; example.com is assumed
1.10.0.10.in-addr.arpa.   IN PTR   router-primary.example.com.
1.20.0.10.in-addr.arpa.   IN PTR   router-primary.example.com.

This means that lookups on the name will always return the address of the
interface assigned to that name, but reverse lookups on the address would
always return the router's primary name.

This was suggested (in a Cisco Press book) because some network management
systems will see an independent A/PTR pair as a distinct network node,
when in fact they are interfaces on the same node.  I know CA's Unicenter
TNG behaves this way.  Ciscoworks 2000 does not.

I was thinking of setting the router's loopback interface as the primary IP
address for the router, and adding PTR records for each IP address to that
name.  I can't find anything that says this is against the RFCs, but I have
read on the list that some resolvers will flag a security issue if, on
receiving a response to a PTR query, a subsequent query on the name does not
return the same address.

Can any gurus confirm that this is good/bad advice?
---- 
Jim Kirby
Senior Network Engineer/Architect
Wells' Dairy, Inc.
Main: 712-546-4000  Direct: 712-548-2919  Fax: 712-548-3106
mailto:jdkirby at bluebunny.com
http://bluebunny.com

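The check the post is worried about is what is now usually called forward-confirmed reverse DNS: take the name a PTR query returns, look that name up forward, and accept the reverse mapping only if the original address is among the A records. The following is an added example (not from the original post or from BIND) that runs that check offline against constructed zone data mirroring the post's layout; the domain example.com, the per-interface reverse zone shown for comparison, and the function names are assumptions. It shows that with every PTR pointing at the primary name only the primary address confirms, while the per-interface layout confirms every address.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check over in-memory zone data.

A PTR answer is "confirmed" only when the name it returns has an A record
containing the address the query started from.  Data below is constructed
for this example; example.com is an assumed domain.
"""
import socket

# Forward zone from the post (names qualified with the assumed domain).
FORWARD = {
    "router-primary.example.com.": {"10.0.0.1"},
    "router-if1.example.com.": {"10.0.10.1"},
    "router-if2.example.com.": {"10.0.20.1"},
}

# Reverse zone as the post proposes: every address maps to the primary name.
REVERSE_ONE_NAME = {
    "1.0.0.10.in-addr.arpa.": {"router-primary.example.com."},
    "1.10.0.10.in-addr.arpa.": {"router-primary.example.com."},
    "1.20.0.10.in-addr.arpa.": {"router-primary.example.com."},
}

# Alternative layout (assumed for comparison): each PTR names its own interface.
REVERSE_PER_IFACE = {
    "1.0.0.10.in-addr.arpa.": {"router-primary.example.com."},
    "1.10.0.10.in-addr.arpa.": {"router-if1.example.com."},
    "1.20.0.10.in-addr.arpa.": {"router-if2.example.com."},
}


def ptr_owner(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def fcrdns(ip, forward, reverse):
    """Return (confirmed_names, unconfirmed_names) for one address.

    confirmed: PTR targets whose A records contain ip.
    unconfirmed: PTR targets that resolve forward to something else (or nothing),
    which is exactly the mismatch a strict resolver would flag.
    """
    names = reverse.get(ptr_owner(ip), set())
    confirmed = {n for n in names if ip in forward.get(n, set())}
    return sorted(confirmed), sorted(names - confirmed)


def audit(forward, reverse):
    """Check every address in the forward zone; return {ip: unconfirmed PTR targets} for failures."""
    failures = {}
    for addrs in forward.values():
        for ip in addrs:
            confirmed, unconfirmed = fcrdns(ip, forward, reverse)
            if not confirmed:
                failures[ip] = unconfirmed
    return failures


def fcrdns_live(ip):
    """Same check against the system resolver (needs network; not used offline)."""
    name = socket.gethostbyaddr(ip)[0]
    addrs = {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    return name, ip in addrs


if __name__ == "__main__":
    for label, reverse in (("all PTRs -> primary", REVERSE_ONE_NAME),
                           ("PTR per interface", REVERSE_PER_IFACE)):
        print(f"{label}: failures = {audit(FORWARD, reverse)}")
```

Run as a script it reports the two secondary interface addresses as failures under the post's layout and none under the per-interface layout; `fcrdns_live` applies the same test to a real address through the host resolver when you want to see what a given site actually returns.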