Many A-records
Alan Schwartz
alansz at tala.mede.uic.edu
Thu Apr 8 21:52:14 UTC 2004
Barry Margolin <barmar at alum.mit.edu> writes:
>In article <c52vmm$1c1u$1 at sf1.isc.org>, "fih" <frhak at hotmail.com>
>wrote:
>
>> Good point!
>>
>> I have been spending hours about this discussion the latest days. More and
>> more I'm convinced that how i work and always have worket is fine. But i
>> have to admit that there is no rules against having more than one A-record
>> which i always have believed.
>>
>> My current thoughts leads to questions like. Ok if they use A-records
>> instead of Cnames i wonder what they do about the PTR records. I heave read
>> that it's OK to have multiple PTR records. But for applications that uses
>> A-records and PTR-records i guess it will not work. Examples i can think of
>> is Sendmail, NFS and Backup solutions. (I could be wrong here, if a resolver
>> recieves a list of PTR records it might be so that it will check for the
>> proper one, i don't know)
>
>As long as every PTR record has a matching A record, it's OK. You don't
>have to have a PTR record for every A record. So the following is a
>good setup:
>
><name1> A 1.2.3.4
><name2> A 1.2.3.4
><name3> A 1.2.3.4
>4.3.2.1.in-addr.arpa. PTR <name1>
To expound on Barry's usual excellent posting.
Sendmail, etc, systems that do reverse lookups on clients do the
following:
Take the IP of the client (which is a feature of the IP connection,
so you always have that)
Look up the PTR record for the IP (which gets you back some hostname)
Look up the A record for that hostname (which gets you back 1+ IP
addresses)
If the original client IP doesn't appear in the list of A records that
come back, deny access or scream and yell or whatever.
Note that this works just fine with a setup like Barry's.
1.2.3.4 connects
The PTR lookup yields <name1>
The A lookup on <name1> gets you back 1.2.3.4
The addresses match.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Alan Schwartz <alansz at uic.edu>
Author of: "Managing Mailing Lists", "Stopping Spam" (Schwartz & Garfinkel),
"Practical Unix & Internet Security, 3rd Ed" (Garfinkel, Spafford, Schwartz)
Published by O'Reilly and Associates, Inc. (http://www.ora.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
More information about the bind-users
mailing list