Reverse address entries

Sam Wilson Sam.Wilson at
Mon Jul 1 09:48:24 UTC 2013

In article <mailman.710.1372442831.20661.bind-users at>,
 Charles Swiger <cswiger at> wrote:

> On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" <mward at> wrote:
> > Hello all, is there any reason to setup reverse address entries for a zone?
> Certainly.  Various software performs what's called a double-reverse lookup
> to confirm that the A and PTR records match.

Isn't that paranoid reverse lookup?  Since reverse lookups can be faked 
(I'll spare the details here) some uses of also require a 
subsequent forward lookup.  If there is no PTR record then the double 
lookup doesn't happen.  I don't know of anything to be gained by 
requiring a reverse lookup after a forward lookup.

> > I have asked some of the admins here and the consensus from them is that 
> > only A records are necessary. Is this true?
> I suppose that depends on how wide (or limited) one's view of "necessary" is.
> Many mail systems choose not to grant much trust towards IPs without good 
> DNS.
> Java's SSL on some platform performs a double-reverse check and declines to 
> proceed if there is a mismatch.

It's nice for humans too.


The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the bind-users mailing list