What are the applications that need DNS reverse resolution?

Kevin Darcy kcd at chrysler.com
Tue Oct 14 04:57:07 UTC 2008


Alan Zoysa wrote:
> Hi All,
>
> What applications do we generally use that cannot do (or optionally
> require) without a reverse address resolution?
>
> Please correct me in the following:
> DNS servers no more give out their zone entries, except SOA. A reverse
> zone is generally defined on a subnet (sequential range of IP
> addresses). Does a DNS server (having set up a corresponding reverse
> zone for a forward zone) give out almost all information about
> Name-IP binding via reverse zone (IP-Name bindings)?
>   
SMTP mail is one "application" that comes to mind, which often uses 
reverse lookups as a (crude, arguably obsolete) anti-spam measure. 
Clients with no reverse mappings, or whose reverse mappings do not match 
their forward mappings, are considered to be "suspect" and thus 
potential sources of spam.

DNS servers *do* give out their zone entries, not just SOA.

Reverse zones are defined on *octet boundaries*, which may or may not 
correspond to "subnets". "Subnet" is a routing/switching term and DNS 
knows nothing of network topology.

There is no necessary "correspondence" between a forward zone and a 
reverse zone. We (Chrysler) are one example of an organization that has 
several reverse zones and hundreds of forward zones, and there is no 
consistent mapping between them.

If "Name-IP binding" means forward (name-to-address) mapping, and 
"IP-Name binding" means reverse (address-to-name) mapping, I don't know 
why or how you would get the idea that forward lookups are made "via" 
reverse lookups.

The only thing that comes to mind is the "double lookup" phenomenon, 
where some types of server will, as a weak form of authentication, do a 
reverse lookup of the connecting client's address, then a forward lookup 
of the result obtained by the reverse lookup, and then compare the two. 
But "double lookups" are the exception rather than the rule. Most 
forward lookups are "spontaneous" in that sense and have nothing to do 
with reverse lookups.

                                                                         
               - Kevin
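
The "double lookup" described in the message above, as an added example that is not part of the original post: a reverse lookup of the client address, a forward lookup of each returned name, and a comparison. The function name `double_lookup`, the three verdict strings and the sample records (documentation addresses and `example.com` names) are assumptions made for this illustration.

```python
import ipaddress
import socket

def system_ptr(addr):
    """Names from a reverse (PTR) lookup via the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:              # herror/gaierror: no reverse mapping
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses from a forward (A/AAAA) lookup via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def double_lookup(addr, ptr=system_ptr, forward=system_forward):
    """Return (verdict, name): 'no-ptr', 'mismatch' or 'confirmed'."""
    ip = ipaddress.ip_address(addr)
    # The PTR answer comes from whoever runs the reverse zone for this
    # address, so the name by itself is only a claim.
    names = [n.rstrip(".").lower() for n in ptr(str(ip))]
    if not names:
        return ("no-ptr", None)
    for name in names:
        for candidate in forward(name):
            try:
                # Compare parsed addresses, not strings (IPv6 has many spellings).
                if ipaddress.ip_address(candidate) == ip:
                    return ("confirmed", name)
            except ValueError:
                continue
    return ("mismatch", names[0])

# Constructed sample records so the check runs offline.
PTR = {"192.0.2.10": ["mail.example.com."],
       "192.0.2.20": ["mail.example.com."],      # claims a name it lacks
       "2001:db8::25": ["mx6.example.com."]}
FWD = {"mail.example.com": ["192.0.2.10"],
       "mx6.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def sample_ptr(addr):
    return PTR.get(addr, [])

def sample_forward(name):
    return FWD.get(name, [])

if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"):
        print(client, double_lookup(client, sample_ptr, sample_forward))
```

Calling `double_lookup(addr)` without the last two arguments uses the system resolver instead of the sample records.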


