ns_resp

Bill Myers wmyers at tns-inc.com
Tue Jul 13 20:57:04 UTC 1999


> -----Original Message-----
> From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org]
> Sent: Tuesday, July 06, 1999 7:46 PM
> To: Sami Yousif
> Cc: comp-protocols-dns-bind at moderators.uu.net; Mark_Andrews at isc.org
> Subject: Re: ns_resp
>
>
>
> > Mark_Andrews at isc.org wrote:
> >
> > > The nameservers for 31.216.209.in-addr.arpa only use
> > > an 8k buffer for their TCP response.  Unfortunately
> > > they seem to want to put every name under the sun
> > > into this RRset and overflow this buffer.
> > >
> > >  Mark
> >
> > They probably use an automated script to generate the reverse zones...
> >
> > Thing is... even w/ multiple in-addrs, isn't the only relevant
> > one the first one for a particular address? (so if it DID work,
> > the only entry returned would be the name of the first one on
> > that list....)
> >
> > isn't this why on name based virtual web domains the real ip
> > of the server (in this case 209.216.31.2) should be called
> > something like vserver.domain.com, and a single 2.31.216.209.in-addr
> > ptr record pointing to vserver.domain.com is all that would have
> > been needed. The other domains listed should not have a ptr
> > pointing to them. In the forward zone file they should be cnames
> > and not A records....
> >
> > or do I have something misunderstood somewhere?
>
> I only ever list one name, the one I deem to be the official
> name for the box.  I also ensure that there is an A record for
> that name.  As for the other names being hosted by the web
> server, it does not matter if they are A / CNAME records.
>
> Mark

Using an A record for the other names would cause a mismatch with
the PTR record.

Question:
Would browsers not recognize SSL certificates registered
to the domain names not matching the PTR record?

If so, how could SSL ever work properly with virtual web server names?
The only scenario that seems like it would work is if the SSL
certificate is registered to "domainA.com" and all virtual hosts
would be of the form "host1.domainA.com", "host2.domainA.com", etc.
But, wouldn't SSL break if the names were "www.domainA.com" and
"www.domainB.com"?

Bill Myers
Total Network Solutions
Internetwork Solutions Engineer
wmyers at tns-inc.com
http://www.tns-inc.com/

> >
> > --
> > -
> >
> > Sami Yousif
> >
> > mailto:syousif at iname.com
> >
> > http://www.mav.net/teddyr/syousif/      Personal Page
> > http://www.alug.org/                    Amarillo Linux Users Group
> >
> > [eMail sent to any of my addresses is subject to the Conditions outlined
> > in http://www.mav.net/teddyr/emailtos.shtml]
> >
> >
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>
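
Added example, not part of the original thread and not BIND's code: a Python sketch that builds the wire-format answer for a PTR query and counts how many names fit in the RRset before the response passes the 8k buffer mentioned in the first quoted message. The hosted names are constructed; name compression follows RFC 1035, and the TTL and header flags are assumptions.

```python
import struct

PTR, IN = 12, 1  # RR type PTR and class IN (RFC 1035)

def encode_name(name, offsets, pos):
    """Wire-encode `name` at message offset `pos`, reusing earlier
    suffixes through RFC 1035 compression pointers."""
    out = b""
    labels = name.rstrip(".").lower().split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:  # pointers hold 14-bit offsets
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def ptr_response(owner, targets, ttl=3600):
    """Build the answer message for a PTR query on `owner`
    (ttl and the QR/AA flag word are assumed values)."""
    offsets = {}
    msg = struct.pack("!HHHHHH", 0, 0x8400, 1, len(targets), 0, 0)
    msg += encode_name(owner, offsets, len(msg)) + struct.pack("!HH", PTR, IN)
    for target in targets:
        name = encode_name(owner, offsets, len(msg))
        # RDATA starts after the owner name and 10 bytes of fixed fields
        rdata = encode_name(target, offsets, len(msg) + len(name) + 10)
        msg += name + struct.pack("!HHIH", PTR, IN, ttl, len(rdata)) + rdata
    return msg

def names_that_fit(owner, targets, limit=8192):
    """Length of the longest prefix of `targets` whose response
    stays within `limit` bytes."""
    count = 0
    while (count < len(targets)
           and len(ptr_response(owner, targets[:count + 1])) <= limit):
        count += 1
    return count

OWNER = "2.31.216.209.in-addr.arpa"  # address used in the thread
HOSTED = [f"www.customer{i}.example" for i in range(1000)]  # constructed

if __name__ == "__main__":
    n = names_that_fit(OWNER, HOSTED)
    print(f"{n} PTR names fit in 8192 bytes; one more gives",
          len(ptr_response(OWNER, HOSTED[:n + 1])), "bytes")
```

With a single PTR target, the practice described in the quoted reply, the same response is well under a hundred bytes.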



More information about the bind-users mailing list