a bit of theory about PTR records requested
Gregg Rosenberg
gregg at ricis.com
Wed Mar 29 14:54:21 UTC 2000
If we are talking external address space, any address not actually being
used for accessing a machine on the inside or any address used for NAT is
given a generic name. You definitely must have an external reverse for
authentication.
Here you could try a wildcard PTR, although I don't like that method. My
preference is to set up generic names that can be easily script or
spreadsheet generated for both the forward and reverse.
Forward:
host-64-4-192-1 IN A 64.4.192.1
host-64-4-192-2 IN A 64.4.192.2
host-64-4-192-3 IN A 64.4.192.3
Reverse:
64.4.192.1 IN PTR host-64-4-192-1.
64.4.192.2 IN PTR host-64-4-192-2.
64.4.192.3 IN PTR host-64-4-192-3.
You can make the names as simple or complex as you like.
At 08:26 AM 03/29/2000, Martijn van Katwijk wrote:
>At 15:44 29-3-00, Gregg Rosenberg wrote:
>>With the address range you are showing, I will assume that we are looking
>>at an internal DNS for address space behind your firewall.
>
>No, I'm sorry, it was meant to be an example. Wrong example...
>
>I'm deleting a lot of PTR records now (one PTR per IP), so I'm happy. I
>know what to do.
>
>Thanks!
>
>
>>There are slight performance advantages to setting up reverses. If your
>>users are not connecting to any services on the inside that require
>>reverse authentication it likely does not matter. I personally consider
>>it a good practice to do. Depending on your environment there are
>>different ways to approach this. If you are running a DHCP server with
>>statically assigned leases, you can dump your DHCP table into Excel (or
>>some other favorite spreadsheet tool) and use a macro to make the reverse
>>file. You could write a script to convert your forward into a reverse
>>and run it each time you make a change (one may exist on the net,
>>although I don't personally know of it). The other option might be to
>>consider using dynamic DNS with DHCP. This is still a bit new and likely
>>will require patience and testing. I hope these ideas are helpful.
>>
>>At 03:33 AM 03/29/2000, Martijn van Katwijk wrote:
>>>Hi,
>>>
>>>I also have zones like this:
>>>domain.com. IN A 192.168.1.60
>>>www IN CNAME domain.com.
>>>
>>>In fact I have quite a lot of these, all pointing to a single virtual
>>>name based webserver with only a few IP nrs assigned to it.
>>>So I have a lot of A records to a single IP nr.
>>>
>>>Do I have to configure a PTR for each A record? Or is that meaningless?
>>>
>>>Thanks,
>>>Martijn
>>
>>--
>>Gregg Rosenberg -- N9NNO
>>RICIS, Inc.
>>gregg at ricis.com
>>
>>"Obstacles are those frightful things you see when you
>>take your eyes off your goals." Author unknown
>>
>>
>
>
>Martijn van Katwijk
>__________________________________________
>AAA on Internet
>http://www.aaa.nl/
>info at aaa.nl
>+31 342 418225 (Tel)
>+31 342 423568 (Fax)
>
>
>http://www.uwnaamhier.nl?
>http://Registreer.uwDomein.nu!
>
>
>
--
Gregg Rosenberg -- N9NNO
RICIS, Inc.
gregg at ricis.com
"Obstacles are those frightful things you see when you
take your eyes off your goals." Author unknown
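
Added example (not part of the original message, and not code from BIND): a Python script for the script-generated generic names described above, which emits the forward and reverse records for a run of addresses and then checks that every PTR target has an A record pointing back to the same address, the property a reverse-lookup authentication check relies on. Assumptions: the forward zone example.com is a placeholder (the thread names none), the function names are hypothetical, and reverse owners are written in in-addr.arpa form with fully qualified targets, as a zone file expects.

```python
import ipaddress

DOMAIN = "example.com"  # assumed placeholder; the thread names no forward zone


def generate(first_ip, count, domain=DOMAIN):
    """Build forward (A) and reverse (PTR) lines for `count` consecutive addresses."""
    start = ipaddress.IPv4Address(first_ip)
    forward, reverse = [], []
    for offset in range(count):
        ip = start + offset
        label = "host-" + str(ip).replace(".", "-")
        # Forward owner is relative to the forward zone's origin.
        forward.append(f"{label} IN A {ip}")
        # Reverse owner is the in-addr.arpa name; the target is fully qualified.
        reverse.append(f"{ip.reverse_pointer}. IN PTR {label}.{domain}.")
    return forward, reverse


def unconfirmed(forward, reverse, domain=DOMAIN):
    """Return addresses whose PTR target has no A record pointing back to them."""
    a_records = {}
    for line in forward:
        owner, _, rtype, value = line.split()
        if rtype == "A":
            fqdn = owner if owner.endswith(".") else f"{owner}.{domain}."
            a_records.setdefault(fqdn.lower(), set()).add(value)
    bad = []
    for line in reverse:
        owner, _, rtype, target = line.split()
        if rtype != "PTR":
            continue
        # 1.192.4.64.in-addr.arpa. -> 64.4.192.1
        octets = owner.rstrip(".").split(".")[:4]
        ip = ".".join(reversed(octets))
        if ip not in a_records.get(target.lower(), set()):
            bad.append(ip)
    return bad


if __name__ == "__main__":
    fwd, rev = generate("64.4.192.1", 3)
    fwd.append("www IN A 64.4.192.1")  # constructed: a second name on one address
    print("\n".join(fwd + rev))
    print("unconfirmed:", unconfirmed(fwd, rev))
```

Extra A records on an address that already has one confirmed PTR, as in the virtual-host case asked about in the thread, do not show up as unconfirmed.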
More information about the bind-users mailing list