Validity of CNAME to a PTR

Mark Andrews Mark_Andrews at isc.org
Sat Nov 1 08:02:45 UTC 2008


In message <9FDAC74F-3774-4E0D-91A3-A1392BA914A2 at newgeo.com>, Scott Haneda writ
es:
> I am looking at PTR checking on a email server.  In test, I see there  
> are a few DNS setups where they CNAME their PTR records.  From a RFC  
> standpoint, is this valid, I am not finding any data to claim one way  
> or the other.

	Yes.  It's common for any address assignment block smaller
	than a /24 and has been for over 10 years now.
 
> If it is acceptable, and I realize this is getting as bit off topic,  
> is the only recourse to simply whitelist those hosts that are doing  
> this?

	That one depends on the software you are using.  Personally
	I would fix the software as it is broken.  Alternatively
	you could stop checking PTR records.  There's little real
	benefit in it.

> Here is the first one I found, that tripped up my filter test (mysql  
> mailing list):
> $dig -x 213.136.52.31
> 
> ; <<>> DiG 9.4.2-P2 <<>> -x 213.136.52.31
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28031
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;31.52.136.213.in-addr.arpa.	IN	PTR
> 
> ;; ANSWER SECTION:
> 31.52.136.213.in-addr.arpa. 86400 IN	CNAME	31.0-25.52.136.213.in- 
> addr.arpa.
> 31.0-25.52.136.213.in-addr.arpa. 3600 IN PTR	lists2.mysql.com.
> 
> --
> Scott
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list