Is my DNS set up properly for reverse lookups?
Steven M. Schultz
sms at wlv.iipo.gtegsc.com
Fri Jun 25 18:48:41 UTC 1999
Hi -
> From: Barry Margolin <barmar at bbnplanet.com>
> >444 PTR www.forstdomain.com.
> >444 PTR www.seconddomain.com.
>
> Yes. However, I don't recommend having multiple PTR records for the same
> address. It's legal, just potentially confusing.

It also "breaks" the TCP wrapper ("tcpd") because the POSIX
interface 'getnameinfo()' can't deal with multiple names being
returned by a reverse lookup. The older 'gethostbyaddr()'
routine can deal with the situation but if you're on a system
for which 'tcpd' has been IPv6'ified and/or POSIX'fied then
'tcpd' will declare a "mismatch".

The reason this happens is that 'tcpd' first does a reverse lookup:

    if (getnameinfo(sa, sa->sa_len, host->name, sizeof(host->name),
                    NULL, 0, NI_NAMEREQD))

Note: there is no provision for returning multiple names.

During the triple crosscheck (addr->name, name->addr, addr->name)
it is possible to have a mismatch occur depending on which name gets
returned by 'getnameinfo'. I've seen it happen a couple times.

So while multiple in-addr.arpa entries are legal there is code (fairly
new/recent code at that) which doesn't/can't deal with it.

Steven Schultz
sms at wlv.iipo.gtegsc.com
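
Added example, not part of the original post and not tcpd's code: a small C model of the crosscheck described above, comparing a single-name reverse lookup against a check that forward-confirms every PTR name. The address, host names, the rotating answer order and the helpers `reverse_one`, `forward`, `triple_check_single` and `confirmed_names` are constructed assumptions standing in for real resolver calls.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data (not from the post): one address with two PTR
 * names, each of which also has a matching A record. */
#define ADDR "192.0.2.44"
static const char *ptr_names[] = { "www.first.example", "www.second.example" };
enum { N_PTR = 2 };
static unsigned rr_cursor; /* assumption: the PTR answer order rotates per query */

/* Hypothetical stand-in for a single-name reverse API such as getnameinfo():
 * the caller only ever sees the first record of the answer. */
static const char *reverse_one(const char *addr) {
    if (strcmp(addr, ADDR) != 0) return NULL;
    return ptr_names[rr_cursor++ % N_PTR];
}

/* Hypothetical forward lookup: the A record for a name, or NULL. */
static const char *forward(const char *name) {
    for (int i = 0; i < N_PTR; i++)
        if (strcmp(name, ptr_names[i]) == 0) return ADDR;
    return NULL;
}

/* addr->name, name->addr, addr->name, with one name per reverse lookup. */
static int triple_check_single(const char *addr) {
    const char *n1 = reverse_one(addr);
    const char *a  = n1 ? forward(n1) : NULL;
    const char *n2 = reverse_one(addr);
    return n1 && a && n2 && strcmp(a, addr) == 0 && strcmp(n1, n2) == 0;
}

/* Order-independent check: count the PTR names that map back to addr. */
static int confirmed_names(const char *addr) {
    int ok = 0;
    if (strcmp(addr, ADDR) != 0) return 0;
    for (int i = 0; i < N_PTR; i++) {
        const char *a = forward(ptr_names[i]);
        if (a && strcmp(a, addr) == 0) ok++;
    }
    return ok;
}

int main(void) {
    printf("single-name triple check: %s\n", triple_check_single(ADDR) ? "match" : "mismatch");
    printf("forward-confirmed PTR names: %d\n", confirmed_names(ADDR));
    return 0;
}
```

With the constructed data the single-name check reports a mismatch even though both names are correctly delegated, while the order-independent check confirms both names.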