Reverse address entries
Sam Wilson
Sam.Wilson at ed.ac.uk
Mon Jul 1 09:48:24 UTC 2013
In article <mailman.710.1372442831.20661.bind-users at lists.isc.org>,
Charles Swiger <cswiger at mac.com> wrote:
> On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" <mward at SSFCU.org> wrote:
> > Hello all, is there any reason to set up reverse address entries for a zone?
>
> Certainly. Various software performs what's called a double-reverse lookup
> to confirm that the A and PTR records match.

Isn't that paranoid reverse lookup? Since reverse lookups can be faked
(I'll spare the details here) some uses of in-addr.arpa also require a
subsequent forward lookup. If there is no PTR record then the double
lookup doesn't happen. I don't know of anything to be gained by
requiring a reverse lookup after a forward lookup.

> > I have asked some of the admins here and the consensus from them is that
> > only A records are necessary. Is this true?
>
> I suppose that depends on how wide (or limited) one's view of "necessary" is.
>
> Many mail systems choose not to grant much trust towards IPs without good
> DNS.
> Java's SSL on some platform performs a double-reverse check and declines to
> proceed if there is a mismatch.

It's nice for humans too.

Sam
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
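
The PTR-then-forward check discussed in this thread, as an added example that is not part of the original post or of any software it mentions. The function name `paranoid_reverse`, its status strings, and the sample addresses and host names are assumptions made for illustration.

```python
import ipaddress
import socket

def _system_ptr(ip):
    """PTR lookup via the system resolver; returns [] when no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def _system_forward(name):
    """A/AAAA lookup via the system resolver; returns [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def paranoid_reverse(ip, ptr_lookup=_system_ptr, forward_lookup=_system_forward):
    """Return (status, name): 'no-ptr', 'mismatch' or 'confirmed'."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)  # nothing to confirm, the forward step never runs
    for name in names:
        for candidate in forward_lookup(name):
            try:
                # Strip any IPv6 zone id before comparing addresses.
                if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                    return ("confirmed", name.rstrip(".").lower())
            except ValueError:
                continue
    return ("mismatch", None)  # PTR exists but its name does not point back

# Constructed sample data (documentation address range, made-up names).
PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.66": ["mail.example.org."]}
FWD = {"mail.example.org.": ["192.0.2.10", "2001:db8::10"]}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return paranoid_reverse(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, demo(ip))
```

Calling `paranoid_reverse(ip)` without the two lookup arguments uses the system resolver instead of the constructed tables.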