Multiple PTRs for the same IP

Mark Andrews Mark_Andrews at isc.org
Fri Jan 26 23:25:22 UTC 2007


> Hello All,
> 
> I'm trying to find something "official" that states, or explains, why multiple
> PTRs for the same IP are not a very good idea.

	They are not a good idea because they don't scale.  In the
	past large web hosters attempted to put a PTR record for
	every virtual site on their servers.  This ends up exceeding
	the limits of normal query resolution support.  You get
	truncated TCP responses. You have to resort to AXFR to
	retrieve the PTR records.

	The DNS does not impose an order on returned records.  If you
	have multiple PTR records and you are trying to do access
	control by name the application has to either list all the
	names (if it looks at h_name) or try all the aliases.  Not
	all lookup mechanisms supply all the names, which in turn
	leads to maintenance issues on the access lists.

	Think of PTR records in the reverse tree as returning the
	canonical name of the machine.  Usually this would be the
	name the machine knows itself as (fully qualified).  If you
	do this you won't break the APIs for returning the name of
	the machine based on the address.

> Let me explain what I am talking about, and where I am hoping to go with it.
> 
> In previous discussions on this topic, folks have mentioned things like:
>  - most utilities will only use the first PTR returned in a query. So, why have
> many?
>  - many PTRs may require TCP, rather than UDP, query traffic. This may cause
> issues if UDP is expected/enforced (or why initiate unnecessary overhead)
>  - many PTRs may cause confusion when doing an rDNS check on a hostname (eg.
> they may not necessarily match in a round-robin scenario with multiple PTRs --
> counter productive?)
> 
> My google searches find similar blogs that agree that multiple PTRs are a bad
> idea.
> One blog even says it is a "violation" to do so, but without reference to
> back this claim.
> 
> Another tool says that while more than one PTR record for an IP is "legal",
> it suggests using only one PTR record for reasons pointed out above.
> 
> While all of the above is excellent feedback from DNS gurus, I have been unable
> to find anything "official" to refer an upper management audience to on this
> topic.
> 
> Does anyone know of an RFC that discusses this (hopefully, in our favor, that
> multiple PTRs for the same IP is not a good thing)?
> Some other similar reputable source, perhaps, I can reference?
> 
> TIA -- Chris
> 
> PS
> I hope not to offend anyone for the feedback on this topic thus far.
> That is not my intent.
> I am looking for something to support policy. We all know that game, right?
> I hope that is understood.
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
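The two points above (many PTRs overflowing a normal response, and name-based access control being unreliable when the resolver may return the PTRs in any order) can be checked with a small script. The following is an added example written for this archive page; it is not code from Mark, Chris or BIND. It assumes the classic 512-byte UDP response limit of RFC 1035, that the answer RRs' owner names are written as a 2-byte compression pointer to the question while the PTR rdata names are left uncompressed (so the size is an upper bound), and all addresses, host names and the allow list are constructed sample data.

```python
"""Added example: why many PTRs per IP hurt, using constructed DNS data only."""
from itertools import permutations

UDP_LIMIT = 512            # RFC 1035 classic UDP payload limit (no EDNS)
HEADER_LEN = 12            # DNS message header
RR_FIXED_LEN = 2 + 10      # owner as compression pointer + TYPE/CLASS/TTL/RDLENGTH


def wire_name_len(name: str) -> int:
    """Uncompressed wire length of a domain name: (1 + label) per label + root byte."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return sum(1 + len(lbl) for lbl in labels) + 1


def response_size(qname: str, ptr_names: list[str]) -> int:
    """Upper-bound size of a PTR response: header + question + one RR per name."""
    question = wire_name_len(qname) + 4          # QNAME + QTYPE + QCLASS
    answers = sum(RR_FIXED_LEN + wire_name_len(n) for n in ptr_names)
    return HEADER_LEN + question + answers


def ptr_capacity(qname: str, sample_name: str, limit: int = UDP_LIMIT) -> int:
    """How many PTRs of sample_name's shape fit before TC is set and TCP is needed."""
    count = 0
    while response_size(qname, [sample_name] * (count + 1)) <= limit:
        count += 1
    return count


# Constructed reverse and forward data (hypothetical hosts under example.com./example.).
REVERSE = {
    "192.0.2.10": ["www.site001.example.com.", "www.site002.example.com.", "mail.example.com."],
    "192.0.2.20": ["trusted.example."],           # PTR claims a name it does not own
}
FORWARD = {
    "www.site001.example.com.": ["192.0.2.10"],
    "www.site002.example.com.": ["192.0.2.10"],
    "mail.example.com.": ["192.0.2.10"],
    "trusted.example.": ["198.51.100.7"],          # forward record points elsewhere
}
ALLOW = {"mail.example.com.", "trusted.example."}  # constructed name-based access list


def first_ptr_outcomes(ip: str) -> set[bool]:
    """Decision of a 'look only at h_name' check, over every order the DNS might return."""
    names = REVERSE.get(ip, [])
    return {order[0] in ALLOW for order in permutations(names)} if names else {False}


def any_confirmed_ptr_allowed(ip: str) -> bool:
    """Forward-confirmed check: a PTR name counts only if it resolves back to the IP."""
    return any(
        ip in FORWARD.get(name, []) and name in ALLOW
        for name in REVERSE.get(ip, [])
    )


if __name__ == "__main__":
    qname = "10.2.0.192.in-addr.arpa."
    print("PTRs of www.siteNNN.example.com. shape that fit in 512 bytes:",
          ptr_capacity(qname, "www.site001.example.com."))
    print("first-PTR-only decisions for 192.0.2.10:", first_ptr_outcomes("192.0.2.10"))
    print("forward-confirmed decision for 192.0.2.10:", any_confirmed_ptr_allowed("192.0.2.10"))
    print("forward-confirmed decision for 192.0.2.20:", any_confirmed_ptr_allowed("192.0.2.20"))
```

With a 25-byte question name and 25-byte PTR names, only a dozen PTRs fit in a classic UDP response before the server sets TC and the client must retry over TCP (or, as the reply notes, fall back to AXFR). For the access-control point, the first-PTR-only check returns both accept and reject for the same address depending on record order, while the forward-confirmed check is order-independent and also refuses a PTR whose name does not resolve back to the address.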


