Reverse DNS and RFC 2317

Chris McCluskey chrism at xnewmedia.com
Thu May 18 02:36:31 UTC 2000


It's been my experience that the Reverse DNS provides 2
functions. The first is naturally to be able to translate the IP addresses
back into FQDNs. This is good for tracing down problems and identifying
network segments. Altogether unnecessary for basic functionality (although
others might disagree).

The main problem I have found is when remote servers use Reverse DNS
lookups to verify your address -- a "pseudo" host based authentication
(for example Netscape uses it to confirm that you are located in a 128-bit
SSL authorized location). Also, while many sites will allow you to use
their services without the Reverse DNS lookups, many will not let you
proceed until the DNS query expires -- which should be as high as approx
70 seconds / query. So some ftp transfer could take up to 3 minutes to
connect.


On Wed, 17 May 2000, Gary Wardell wrote:

> 
> Since we are talking about reverse zones, etc.
> 
> I am running a DNS, a web server and mail server each with several domains.
> 
> My upstream ISP says that their DNS isn't set up to delegate the reverse 
> zone for my IP block, 209.147.72.32/28 to me.  They also have almost none 
> of the class C that I'm in defined and seem reluctant to set my block up.
> 
> Before I start pressing for something I don't need since everything seems 
> to be running nicely right now.
> 
> Does the reverse zone really have to be setup and what might happen if it 
> isn't set up?
> 
> TIA,
> 
> Gary
> 
> 
> 
> 
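As an added illustration (not part of the original messages), this sketch builds the parent-zone records an upstream provider would publish to delegate the block 209.147.72.32/28 in the style of RFC 2317. The name server `ns1.example.net.` is a placeholder, and leaving out the network and broadcast addresses follows the RFC's own example.

```python
import ipaddress


def rfc2317_delegation(cidr, nameservers, sep="/"):
    """Build parent-zone records delegating a sub-/24 IPv4 block.

    Returns (parent_zone, child_zone, lines). `nameservers` are the
    customer's servers; `sep` can be "-" for tools that dislike "/" in labels.
    """
    # strict=True rejects a block whose host bits are set (e.g. .33/28),
    # which would otherwise produce a delegation for the wrong range.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 applies to IPv4 blocks longer than /24")

    a, b, c, d = net.network_address.packed
    parent_zone = f"{c}.{b}.{a}.in-addr.arpa."
    label = f"{d}{sep}{net.prefixlen}"
    child_zone = f"{label}.{parent_zone}"

    lines = [f"$ORIGIN {parent_zone}"]
    # Delegate the classless child zone to the customer's name servers.
    lines += [f"{label}\tIN NS\t{ns}" for ns in nameservers]

    # One CNAME per address, pointing the normal PTR owner name into the
    # child zone. Network and broadcast addresses are skipped for /25../30.
    addrs = list(net)
    if net.prefixlen < 31:
        addrs = addrs[1:-1]
    for addr in addrs:
        last = addr.packed[3]
        lines.append(f"{last}\tIN CNAME\t{last}.{child_zone}")
    return parent_zone, child_zone, lines


if __name__ == "__main__":
    # Block taken from the question; the name server is a placeholder.
    _, child, records = rfc2317_delegation(
        "209.147.72.32/28", ["ns1.example.net."]
    )
    print("\n".join(records))
    print(f"; customer serves PTR records in zone {child}")
```

The customer then serves ordinary PTR records inside the child zone, so a lookup of 33.72.147.209.in-addr.arpa follows the CNAME and resolves without the provider maintaining each host name.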



