Multiple PTR reverse lookup problem (BIND9 resolver broken?)
Barry Margolin
barmar at genuity.net
Tue Mar 26 21:15:33 UTC 2002
In article <a7qhjv$56n at pub3.rc.vix.com>, David <hazerunner at hotmail.com> wrote:
>The problem is primarily with IRC, it doesn't show a consistent
>hostname, and certain services look for that. Of course IP addresses
>are used for security however certain applications and functions still
>look at the forward and reverse IP to match. When the
>resolver/client/whatever returns a different result every time, those
>functions do not work.
As long as both names match forward and reverse (as they apparently do in
this case), those functions should work no matter which name is first.
Where I suppose you could run into trouble is if a service is doing
domain-based access control. They'll presumably put your custom domain in
the access list, but not the ISP's domain (since that would allow everyone
on that ISP to use the service). If the access list checker only looks at
the first PTR record returned, it will indeed have inconsistent success.
I'd consider that a bug in the access checker -- it should try all the
names that are returned, to see if any of them are in the access list.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list