Name based hosts and bind

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Apr 25 09:06:29 UTC 2008


On 23.04.08 23:48, Bob Hoffman wrote:
> Okay, I will try to be more diligent.
> 
> I have a theoretical website that is ipbased. I add another theoretical
> website that uses the same ip number, this is what is called 'name based'.
> 
> Two websites, the ip-based www.mysite.com and the name based
> www.mysitename.com. They both use the same ip address and in the named.conf
> a master is made for each and a zone file is added to the var/named folder. 

a (web)site can't be name-based or ip-based; those two describe the
configuration of webservers, which (usually) has nothing to do with DNS.

If you want to have two virtual hosts on the same IP(:port), you have to run
(at least) two name-based virtual hosts on that IP.

> However, an addr.arpa cannot be made for each since they use the same exact
> ip address.

sure it can. you can have

1.0.0.10.in-addr.arpa.	IN	PTR	www1.example.com.
1.0.0.10.in-addr.arpa.	IN	PTR	www2.example.com.

and

www1.example.com.	IN	A	10.0.0.1
www2.example.com.	IN	A	10.0.0.1

However it's not needed and I think most people will advise you only to have
one PTR record, matching the A record, and maybe not even use 'www1' and 'www2'
but a generic server name there (do you name your servers www1 and www2?)

> And since mail is sent out from mail.mysitename.com to a
> stringent aol, and aol looks up to find my PTR for mysitename.com to match
> my ip, they get mysite.com and bounce the mail back.

I strongly doubt such behaviour of AOL servers. Most mail servers
check the PTR of the connecting IP, then the A of that name, and if it points to the same
IP, they may compare the HELO string to the name (but MUST NOT refuse mail if it
does not match) and optionally check SPF records.

None of those implies that if you send mail from example.com, the client's
IP must be in example.com - you can make such a requirement in your SPF
records, but don't do that if you will send mail from hosts with different
names.

> If you mean, it does not matter what the site listed in the PTR record is,
> and that the ip will resolve correctly anyway to either site (listed or not
> in the PTR) that is cool. But it seems kinda weird to just ignore the second
> site using the IP in the addr.arpa record.

Nothing is weird. Each server has only one name. Providing services for
other domains is quite common, and I don't know of a server having thousands
of reverse records, while I know of servers providing services to thousands
of domains (mail and web).

> To further define. Each site in its own zone file will have an IN A
> mail.thesite and a MX for mail.thesite. They will not be sharing the same
> 'mail.mysite.com' but instead have one of their own.

do as you wish. MX will work if it points to the correct IP address,
independently of the PTR records of the resulting IP and of the name the MX points to
(and that points to the IP).

I've got some customer complaints about this in the past, so I will try to
repeat it:

While your reverse name must match your IP (IP PTR name => name A IP),
NOTHING requires the opposite.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not want to receive any advertising mail at this address.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 
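The forward-confirmed reverse DNS check the reply describes (PTR of the connecting IP, then A of that name back to the IP, with HELO compared only informationally), as an added example that is not part of the original post. It runs against a constructed in-memory zone standing in for DNS; all names and addresses in it are made up for the example.

```python
"""Forward-confirmed reverse DNS (FCrDNS) as described in the post: the PTR
name of the connecting IP must have an A record pointing back to that IP.
Nothing requires the sender's domain or HELO name to live on that IP."""
from typing import Dict, List, Tuple

# Constructed stand-in for DNS so the example runs offline; all data is made up.
ZONE: Dict[Tuple[str, str], List[str]] = {
    ("1.0.0.10.in-addr.arpa.", "PTR"): ["www1.example.com."],
    ("www1.example.com.", "A"): ["10.0.0.1"],
    ("www2.example.com.", "A"): ["10.0.0.1"],      # second vhost, no PTR of its own
    ("mail.mysitename.com.", "A"): ["10.0.0.1"],   # customer's mail host, same IP
    ("2.0.0.10.in-addr.arpa.", "PTR"): ["bogus.example.net."],
    ("bogus.example.net.", "A"): ["192.0.2.7"],    # PTR whose A does not point back
}

def lookup(name: str, rtype: str) -> List[str]:
    """Return answers for (name, type) from the stub zone; names are made absolute."""
    if not name.endswith("."):
        name += "."
    return ZONE.get((name.lower(), rtype), [])

def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name for an IPv4 address: 10.0.0.1 -> 1.0.0.10.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def fcrdns(ip: str) -> List[str]:
    """Return the PTR names of `ip` whose A records point back to `ip` (empty if none)."""
    return [name for name in lookup(reverse_name(ip), "PTR") if ip in lookup(name, "A")]

def helo_matches(ip: str, helo: str) -> bool:
    """Informational only: does the HELO name resolve to the connecting IP?"""
    return ip in lookup(helo, "A")

def evaluate_connection(ip: str, helo: str) -> Tuple[str, str]:
    """Policy a receiving MTA might apply: only a failed FCrDNS check marks the
    client suspicious. The HELO result is merely noted, because, as the post
    says, servers MUST NOT refuse mail just because HELO does not match."""
    confirmed = fcrdns(ip)
    if not confirmed:
        return ("suspicious", f"no forward-confirmed PTR for {ip}")
    helo_abs = helo.lower().rstrip(".") + "."
    if helo_abs in confirmed:
        note = "HELO is the PTR name"
    elif helo_matches(ip, helo):
        note = "HELO resolves to the client IP but is not its PTR name"
    else:
        note = "HELO does not resolve to the client IP"
    return ("ok", f"PTR {confirmed[0]} confirms {ip}; {note}")
```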

