reverse lookup question

Barry Margolin barmar at alum.mit.edu
Sat Sep 25 00:26:00 UTC 2004


In article <cj2bmc$28t8$1 at sf1.isc.org>, ragan_davis at colstate.edu wrote:

> Hi,
> 
> Just wondering if anyone knows of a way to restrict who can perform reverse 
> lookups?  I was able to restrict normal (forward) lookups using "view".  My 
> problem is that the addresses I would like to restrict reverse on are 
> scattered among IPs that I DO NOT want to restrict.  Any ideas?
> 
> Here's an example:
> 
> 1 IN PTR host1.domain.com.
> 2 IN PTR host2.domain.com.
> 3 IN PTR host3.domain.com.
> 4 IN PTR host4.domain.com.
> 
> I want everyone to be able to reverse lookup on 1 and 3, but only certain 
> internal clients to do reverse lookup on 2 and 4.  Is this possible? 

You could use a technique similar to RFC 2317.  Make the in-addr.arpa 
records CNAME records:

1 IN CNAME 1.public.reverse.domain.com.
2 IN CNAME 2.internal.reverse.domain.com.
3 IN CNAME 3.public.reverse.domain.com.
4 IN CNAME 4.internal.reverse.domain.com.

Put both public.reverse.domain.com and internal.reverse.domain.com in 
your internal view, but only public.reverse.domain.com in your public 
view.  These two zones would contain the actual PTR records.

> Also, another dumb question -- do you have to name reverse lookup files in 
> the form "1.2.3.4.in-addr.arpa"?  Or could you use a name like 
> "special-revers.in-addr.arpa" or something?

You can name *files* anything you want.  I think you actually meant to 
ask about the zone names, not the file names.

When someone is performing a reverse lookup, they're going to take an IP 
address like 1.2.3.4 and look for 4.3.2.1.in-addr.arpa.  If you don't 
name your reverse zone according to that scheme, they won't find it.  
However, by using CNAME records, you can map names from the conventional 
scheme to any other scheme you want.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
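
The view layout described in the reply above, written out as a named.conf fragment. This is an added example, not part of the original post: the ACL name, the 10.0.0.0/8 client range, the 3.2.1.in-addr.arpa zone (taken from the 1.2.3.4 illustration) and all file names are assumptions, and the zones are assumed to be static master zones so one file can back the same zone in both views.

```conf
// named.conf fragment (added example; ACL name, networks and file names are assumptions)
acl "trusted" { 10.0.0.0/8; };   // hypothetical range of the "certain internal clients"

view "internal" {
    match-clients { "trusted"; };
    // Conventional reverse zone: holds only the CNAMEs, no PTR data.
    zone "3.2.1.in-addr.arpa"          { type master; file "db.1.2.3.cname"; };
    // Both target zones are present, so every CNAME resolves to a PTR.
    zone "public.reverse.domain.com"   { type master; file "db.reverse.public"; };
    zone "internal.reverse.domain.com" { type master; file "db.reverse.internal"; };
};

view "public" {
    match-clients { any; };      // views are matched in order; this one catches everyone else
    zone "3.2.1.in-addr.arpa"          { type master; file "db.1.2.3.cname"; };
    zone "public.reverse.domain.com"   { type master; file "db.reverse.public"; };
    // internal.reverse.domain.com is deliberately not defined in this view,
    // so the CNAMEs for 2 and 4 lead to no PTR record here.
};

/* Zone data (SOA and NS records left out; every zone file needs them):
 *
 * db.1.2.3.cname
 *   1 IN CNAME 1.public.reverse.domain.com.
 *   2 IN CNAME 2.internal.reverse.domain.com.
 *   3 IN CNAME 3.public.reverse.domain.com.
 *   4 IN CNAME 4.internal.reverse.domain.com.
 *
 * db.reverse.public
 *   1 IN PTR host1.domain.com.
 *   3 IN PTR host3.domain.com.
 *
 * db.reverse.internal
 *   2 IN PTR host2.domain.com.
 *   4 IN PTR host4.domain.com.
 */
```

A client matched to the public view still receives the CNAME for 2 and 4, so the owner name 2.internal.reverse.domain.com is visible to it; only the PTR data behind that name is withheld.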


More information about the bind-users mailing list