internal network PTR records, necessary?

James Chase chase1124 at gmail.com
Wed Aug 14 02:06:06 UTC 2013


This isn't a problem with bind, that I'm aware of but I was hoping someone
could shed a little DNS expertise on a situation that happened Monday
morning. I'll be very brief: We started experiencing problems with
connectivity from our application servers to a couple database servers. I
narrowed the problem down to remote logins over tcp/ip and then by noticing
SSH was also connecting slowly, found that the SSH connection was hanging
doing a reverse lookup on the internal ip address. After doing some mysql
research I was able to find the option to tell mysql to skip this lookup
and it solved our problem

My dillema has been trying to figure out why the issue started in the first
place. There have been no DNS changes for months, and we have never kept
PTR records for our internal IPs at our nameservers. This has always "just
worked", so why would these lookups start hanging monday morning without
any configuration changes? Later in the day the SSH connections were quick
again within the internal network. Could it just have been that our DNS
server wasn't functioning properly for a period of time? We are monitoring
this server with nagios so I would be surprised. Should I be concerned
about not having internal PTR records? I have never even considered the
necessity of setting this up.

I noticed if I do a reverse lookup on an internal IP it seems to reference
an iana server. Do we have a misconfiguration to be going out there for an
answer? Could it be that this iana server was not responding monday morning?

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -x 192.168.1.50
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1252
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.1.168.192.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa.   300     IN      SOA     prisoner.iana.org.
hostmaster.root-servers.org. 2002040800 1800 900 604800 604800

;; Query time: 147 msec
;; SERVER: 192.168.1.180#53(192.168.1.180)
;; WHEN: Tue Aug 13 22:00:25 2013
;; MSG SIZE  rcvd: 120

-- 
"Beware of all enterprises that require new clothes."
  --  Henry David Thoreau
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130813/3512ece9/attachment.html>


More information about the bind-users mailing list