Name based hosts and bind

Bob Hoffman bob at bobhoffman.com
Thu Apr 24 03:48:48 UTC 2008


Okay, I will try to be more diligent.

I have a theoretical website that is ip-based. I add another theoretical
website that uses the same ip number, this is what is called 'name based'.

Two websites, the ip-based www.mysite.com and the name based
www.mysitename.com. They both use the same ip address and in the named.conf
a master is made for each and a zone file is added to the var/named folder. 

However, an addr.arpa cannot be made for each since they use the same exact
ip address.

Therefore, the addr.arpa file for this ip address will return only one PTR
record.
	IN	PTR	mysite.com

And it does not mention the other one, mysitename.com.

The mention of mx records was perhaps a general term, let me rephrase. Each
of these theoretical websites HAS an MX record because they each have their
OWN mail server. And since mail is sent out from mail.mysitename.com to a
stringent aol, and aol looks up to find my PTR for mysitename.com to match
my ip, they get mysite.com and bounce the mail back.

In other words, although there is a PTR record dealing with the correct ip,
only the domain mysite.com is listed in it, not mysitename.com

Now name based sites are used as a term in virtual hosting, but do have the
added problem of not having an ip to specifically make an addr.arpa file for
that one domain, since there are multiple domains.

If you mean, it does not matter what the site listed in the PTR record is,
and that the ip will resolve correctly anyway to either site (listed or not
in the PTR) that is cool. But it seems kinda weird to just ignore the second
site using the IP in the addr.arpa record.

To further define. Each site in its own zone file will have an IN A
mail.thesite and a MX for mail.thesite. They will not be sharing the same
'mail.mysite.com' but instead have one of their own.

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Barry Margolin
> Sent: Wednesday, April 23, 2008 11:08 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Name based hosts and bind
> 
> In article <fuoso2$30ht$1 at sf1.isc.org>,
>  "Bob Hoffman" <bob at bobhoffman.com> wrote:
> 
> > > Name-based web hosting doesn't use PTR.  It gets the name from the
> > > HTTP "Host:" request-header, which comes from the URL that was given
> > > to the browser.
> > 
> > Except I was talking about the mx records and how another mail server
> > will want to look up who sent it. And they do look at PTR records and
> > do not care if the site it came from is namebased or not, they want
> > the ptr record.
> 
> I'm not sure what you're talking about.  MX records are used for
> SENDING mail, and have nothing to do with receiving mail.
> 
> > 
> > 
> > > 
> > > In mail, the "Received:" header will typically look something like:
> > > 
> > > Received: from <HELO name> (<ip addr> [<PTR name>]) ...
> > > 
> > > I've heard of systems that will reject mail if the <HELO name> is
> > > not the same as the <PTR name>, but this is usually a bad idea.  It
> > > causes problems on multi-homed hosts, because they don't usually
> > > tailor their HELO name to the source IP of the SMTP connection.  The
> > > more acceptable check is that there IS a PTR record, and perhaps
> > > that <PTR name> resolves to <ip addr> (i.e. forward and reverse
> > > consistency).
> > 
> > And if I read you right, that is the area of my question. I have not
> > set up sendmail enough yet to really use it or a name based site yet,
> > but from what I hear they do reject if the mail was sent from
> > mail.2ndsite.com (a name based) and the ptr says 1st.site.com (ip
> > based on same ip as name based.) This is conjecture and I cannot
> > prove it, but I know aol is a pretty fussy group.
> 
> Your use of the phrase "name based site" is really confusing me.  The
> only type of "name based site" I know of is virtual web hosting, as I
> described above.
> 
> You're correct that AOL is *very* stringent.  If you want to be as
> safe as possible, make sure the following are all true:
> 
> 1. The IP your outgoing mail comes from has a PTR record pointing to
> <PTR name>.
> 
> 2. <PTR name> has an A record containing that same IP.
> 
> 3. The mailserver's <HELO name> is the same as <PTR name>.
> 
> You can have additional A records that point to that IP, they will
> never be noticed because the verification process starts with the IP.
> 
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
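
The three checks listed in the quoted reply, written out as an added example that is not part of either poster's message. The address 192.0.2.10, the zone contents and the function names are constructed for illustration; `lookup` is a stand-in resolver over that constructed data, so the script runs offline.

```python
import ipaddress

# Constructed DNS data for the thread's scenario (192.0.2.0/24 is a documentation range).
ZONE = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mysite.com."],
    ("mysite.com", "A"): ["192.0.2.10"],
    ("mail.mysitename.com", "A"): ["192.0.2.10"],  # second A record on the same IP
    ("11.2.0.192.in-addr.arpa", "PTR"): ["stale.mysite.com."],  # PTR with no A behind it
}

def lookup(name, rtype, zone=ZONE):
    """Stand-in resolver: record values for (name, type), normalised to lower case."""
    key = (name.rstrip(".").lower(), rtype)
    return [v.rstrip(".").lower() for v in zone.get(key, [])]

def verify_sender(ip, helo, resolve=lookup):
    """Run the three checks, starting from the connecting IP as the receiver does."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    # Check 1: the IP has a PTR record.
    ptr_names = resolve(addr.reverse_pointer, "PTR")
    # Check 2: the PTR name has an address record containing that same IP.
    confirmed = [n for n in ptr_names
                 if any(ipaddress.ip_address(a) == addr for a in resolve(n, rtype))]
    # Check 3: the HELO name is the same as a forward-confirmed PTR name.
    helo = helo.rstrip(".").lower()
    return {
        "has_ptr": bool(ptr_names),
        "forward_confirmed": bool(confirmed),
        "helo_matches_ptr": helo in confirmed,
        "ptr_names": ptr_names,
    }

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mysite.com"),
                     ("192.0.2.10", "mail.mysitename.com"),
                     ("192.0.2.11", "stale.mysite.com"),
                     ("192.0.2.12", "mail.mysite.com")]:
        print(ip, helo, verify_sender(ip, helo))
```

The A record for mail.mysitename.com is never consulted, because the lookup chain starts at the IP and follows only the PTR name.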


