Forward/reverse comparison
Brad Knowles
brad.knowles at skynet.be
Mon May 28 14:35:45 UTC 2001
At 8:32 AM -0400 5/28/01, Todd Snyder wrote:
> 1) We have 2 different IP blocks assigned to us, and we do forward/reverse
> for them, split into many domains. Is it BAD if we have more than one
> forward/reverse for a single IP? (i.e.: 123.123.123.123 resolves to
> nocserv1.tor.maxlink.com AND nocserv1.maxlink.net)
It is not technically illegal, but most applications can only
deal with one IP address resolving back into one name, and they may
not work right if you don't keep a one-to-one reverse name resolution.
So, I would suggest that you avoid this, if at all possible.
Instead, decide on the one true "canonical" name for the machine, and
have the IP address resolve back to that name.
For forward name resolution, you may or may not want to have all
"aliases" for this machine actually be CNAME records pointing to this
name, depending on just exactly what it is you're trying to do with
these names.
> 2) I want to go through ALL of our IP space and compare forwards to reverses
> ... I'm going to write a script that uses the deadly NSLOOKUP to do a
> forward on an IP, grab the name, then do a reverse on it, and if they don't
> match, dump it to a file. Does anyone have a better way to do it? It's
> going to pound our server, so I'll do it overnight or something, but if
> anyone has any better ideas, let me know.
Use "dnswalk". With the right options used on the command-line,
it will check all this stuff for you.
> 3) are there any tools that you would recommend for regular DNS maintenance?
> we use webmin for our provisioning dept to maintain it, which works well,
> but I'm looking for command-line and batch kinda utils to check for various
> things.
Again, look at dnswalk. It's a really good DNS debugging tool.
I also suggest that you use "doc", which checks some things that
dnswalk doesn't, and also has the advantage that it does not require
zone transfer capability (so that it can download a complete copy of
your zone(s), which it then checks locally).
> 4) we're experiencing a LOT of latency with our HP Openview box and our DNS.
> They are on the same subnet, in fact, they are in the same rack. When using
> gethostbyname(), which HPOV uses, we see latency of up to 2 hrs! for a single
> resolution, which is rendering the whole system useless because HPOV doesn't
> appear to do multiple lookups. I'm going to try installing BIND on our HPOV
> server and see if that helps (make it a caching server only. .. etc) .. but
> if anyone has any ideas what's going on, please, feel free to share.
Wherever feasible, I suggest installing application-specific
caching-only nameservers directly on the machines that will need
those services. This way, as you add more machines that do various
functions (and need DNS resolution), you also add more horsepower to
perform the DNS resolution that is required.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
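The two checks discussed in points 1 and 2 of the exchange above (one PTR per address, pointing at the canonical name, and a sweep of a whole address block comparing each reverse answer with the matching forward answer) can be scripted without pounding the nameserver with nslookup. The following is an added example written for this archive page, not code from Brad Knowles, Todd Snyder, dnswalk or doc. The resolver functions are injected, so the script runs offline against constructed PTR, A and CNAME data (the example.net/example.org names and 192.0.2.0/24 addresses are constructed placeholders); for a live run you would replace `lookup_ptr`, `lookup_a` and `lookup_cname` with functions backed by a DNS library.

```python
"""Forward/reverse DNS consistency sweep over an address block.

Added example, not from the original post. Resolvers are injected so the
check runs offline against constructed zone data (hypothetical names and
addresses below); swap in real lookups for production use.
"""
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data standing in for live DNS answers.
PTR_RECORDS: Dict[str, List[str]] = {
    "192.0.2.10": ["host1.example.net."],                        # clean
    "192.0.2.11": ["host2.example.net.", "www.example.org."],    # two PTRs
    "192.0.2.12": ["stale.example.net."],                        # forward moved
}
A_RECORDS: Dict[str, List[str]] = {
    "host1.example.net.": ["192.0.2.10"],
    "host2.example.net.": ["192.0.2.11"],
    "stale.example.net.": ["192.0.2.99"],
}
CNAME_RECORDS: Dict[str, str] = {
    "www.example.org.": "host2.example.net.",   # alias, not canonical
}

Finding = Tuple[str, str, Optional[str]]   # (ip, problem, name)


def lookup_ptr(ip: str) -> List[str]:
    """PTR targets for an address (constructed data; replace for live use)."""
    return list(PTR_RECORDS.get(ip, []))


def lookup_a(name: str) -> List[str]:
    """A records for a name (constructed data; replace for live use)."""
    return list(A_RECORDS.get(name, []))


def lookup_cname(name: str) -> Optional[str]:
    """CNAME target for a name, or None (constructed data)."""
    return CNAME_RECORDS.get(name)


def resolve_forward(name: str,
                    a: Callable[[str], List[str]] = lookup_a,
                    cname: Callable[[str], Optional[str]] = lookup_cname,
                    max_chain: int = 8) -> List[str]:
    """Follow a bounded CNAME chain, then return the A addresses."""
    for _ in range(max_chain):
        target = cname(name)
        if target is None:
            break
        name = target
    return a(name)


def check_block(cidr: str,
                ptr: Callable[[str], List[str]] = lookup_ptr,
                a: Callable[[str], List[str]] = lookup_a,
                cname: Callable[[str], Optional[str]] = lookup_cname) -> List[Finding]:
    """Sweep every host address in cidr and report reverse/forward problems."""
    findings: List[Finding] = []
    for addr in ipaddress.ip_network(cidr).hosts():
        ip = str(addr)
        names = ptr(ip)
        if not names:
            findings.append((ip, "no PTR", None))
            continue
        if len(names) > 1:
            # Point 1 of the post: most software expects one reverse name.
            findings.append((ip, "multiple PTR", ", ".join(names)))
        for name in names:
            if cname(name) is not None:
                # The reverse name should be the canonical name, not an alias.
                findings.append((ip, "PTR target is a CNAME", name))
            if ip not in resolve_forward(name, a, cname):
                # Point 2 of the post: forward answer must contain the address.
                findings.append((ip, "forward does not match", name))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by problem type."""
    counts: Dict[str, int] = {}
    for _, problem, _ in findings:
        counts[problem] = counts.get(problem, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, problem, name in check_block("192.0.2.8/29"):
        print(f"{ip:16} {problem:24} {name or ''}")
```

Addresses with no PTR at all are reported too, since unallocated space shows up the same way as a missing reverse record; filter those out if you only want to see live hosts. Because each lookup function is a plain callable, the same sweep can be pointed at a local copy of the zone files instead of the running server, which is what avoids the overnight load the post worries about.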