Reverse address entries

Novosielski, Ryan novosirj at
Fri Jul 12 15:39:07 UTC 2013

On 07/12/2013 11:23 AM, Sam Wilson wrote:
> In article
> <mailman.736.1372773195.20661.bind-users at>, Steven
> Carr <sjcarr at> wrote:
>> On 2 July 2013 14:42, Sam Wilson <Sam.Wilson at> wrote:
>>> Can anyone here give examples of the types of various software
>>> that will not operate without a PTR record?
>> There have already been numerous listings of software that
>> require reverse lookups. SMTP being the main one. Other services
>> like IRC and some databases (Oracle/MySQL) can also be configured
>> to require properly working reverse lookups.
> "... can also be configured ..." - see below.
>>> I agree that if PTR records exist then they should match an A
>>> record. My experience (and IIRC correctly the word of several
>>> RFCs) is that PTRs are not required for most things to work.
>> RFC1912 [] section 2.1...
>> Every Internet-reachable host should have a name... Make sure
>> your PTR and A records match.  For every IP address, there should
>> be a matching PTR record in the domain.  If a host
>> is multi-homed, (more than one IP address) make sure that all IP
>> addresses have a corresponding PTR record (not just the first
>> one). Failure to have matching PTR and A records can cause loss
>> of Internet services similar to not being registered in the DNS
>> at all.  Also, PTR records must point back to a valid A record,
>> not a alias defined by a CNAME.
> Sorry for the delay in returning to this.  RFC 1912 says:
> Status of this Memo
> This memo provides information for the Internet community.  This
> memo does not specify an Internet standard of any kind. ...
> To make myself clear, I'm a big fan of correct PTR records and we
> try to make sure that our reverse DNS is fully populated.  I do not
> regard lack of a valid PTR record to be a reason to refuse
> connection except, perhaps, in very particular circumstances, for
> instance where it might be part of a trust stance.  That would be
> by agreement between consenting adults, not the law of Internetland
> in general.

Came across another instance where it may matter: TCP Wrappers.
Although the case there was a bit more peculiar -- does not
appear to have FORWARD DNS for at least some of its dynamic address
space. So you can get a PTR, and then address validation fails on the
forward address. I guess perhaps if you had no PTR it would never go
that far.

-- 
 ____*Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
 || \\UTGERS      |---------------------*O*---------------------
 ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
 || \\ and Health | novosirj at - 973/972.0922 (2x0922)
 ||  \\  Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
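
The PTR-then-forward validation described in the message above, as an added example (not part of the original post, and not TCP Wrappers' own code). The zone data, host names and the `allow` policy are constructed assumptions, and the lookups are injected dictionaries so the check runs offline.

```python
import ipaddress

# Constructed sample zone data (documentation address ranges, not real hosts).
PTR = {
    "192.0.2.10": "mail.example.net.",
    "192.0.2.77": "dyn-77.pool.example.net.",  # PTR exists, no forward record
    "192.0.2.99": "www.example.net.",          # PTR names another host
    "2001:db8::25": "MX6.Example.NET.",
}
FWD = {
    "mail.example.net": ["192.0.2.10"],
    "www.example.net": ["192.0.2.80"],
    "mx6.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def canon(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_fcrdns(ip, reverse=PTR.get, forward=lambda n: FWD.get(n, [])):
    """Return (status, name) for a client address.

    reverse/forward are injected lookups so this runs offline; live code
    would wrap socket.gethostbyaddr() and socket.getaddrinfo() instead.
    """
    addr = ipaddress.ip_address(ip)
    name = reverse(str(addr))
    if name is None:
        return ("no-ptr", None)          # nothing to validate
    name = canon(name)
    answers = forward(name)
    if not answers:
        return ("ptr-no-forward", name)  # the case from the message
    # Compare parsed addresses so IPv6 text forms do not cause false mismatches.
    if addr in {ipaddress.ip_address(a) for a in answers}:
        return ("confirmed", name)
    return ("mismatch", name)

def allow(ip, require_ptr=False):
    """Hypothetical policy: reject unverifiable names; a missing PTR is optional."""
    status, _ = check_fcrdns(ip)
    if status == "no-ptr":
        return not require_ptr
    return status == "confirmed"
```

With this policy the host at 192.0.2.77 is refused because its PTR cannot be confirmed, while 192.0.2.200 (no PTR at all) is only refused when `require_ptr` is set.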

