Multiple PTR Records from One IP Address

Tue Feb 26 20:26:43 UTC 2008

You're assumption being that all PTR records are for reverse lookups?

Our company has an overarching domain that is fairly elemental and we
had multiple PTR records for forward lookups to make other domains
aliases of this domain.  Of course the reverse was only tied to the
primary domain but then again we weren't using the other domains for
anything other than web sites.

The thing that actually got us to move away from this for most domains
wasn't technical - it was commercial.  i.e Google doesn't like it when
you redirect inbound connections on your web site if you're paying them
for advertising.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Fr34k
Sent: Tuesday, February 26, 2008 3:13 PM
To: Persiko, Mark; bind-users at isc.org
Subject: Re: Multiple PTR Records from One IP Address

Hello,

Multiple PTRs are a "customer education issue".
Often, as you suspect, a customer will believe they need multiple PTRs
to match the multiple A records for such things as virtual hosting email
or websites.

In the case of email hosting, I typically explain to them that while
they can host 5 billion email domains, a node on the Internet only has
one name as far as that node's hostname is concerned.
For example, the hostname that is passed during the initial SMTP 220
helo communication.

Typically, I tell them that the PTR should match this name as most
beneficial for anti-abuse measures.
Need more ammo? Look at the full header of any out-bound email which
shows the single hostname and how this does NOT change regardless the 5
billion hosted email domains on the server.

Same with a web server hosting 5 billion websites.

Make it your policy for only one PTR per IP address and stop the
madness.
Spread the word -- friends don't let friends use multiple PTRs.

I hope this helps -- Chris

----- Original Message ----
From: "Persiko, Mark" <Mark.Persiko at Level3.com>
To: "bind-users at isc.org" <bind-users at isc.org>
Sent: Tuesday, February 26, 2008 2:24:26 PM
Subject: Multiple PTR Records from One IP Address

Hello,
We have customers who want to name serve multiple hostnames off of a
single IP address.  I am aware of two objections to this practice (feel
free to correct my thinking here):

1)  Resolvers (most, or many, or some?) will only use the first hostname
received in an answer to a PTR query for an IP address, and will throw
the rest away anyway, thus causing indeterminate behavior.

2) Too many PTR records (or resource records of any type, for that
matter) will cause a name server to send a response packet via TCP, if
the maximum allowable UDP packet size is exceeded by the size of the
response.  Too many such response packets clog network resources.

I have yet to determine the customers' true business objectives, but I
am assuming that they are either or both of:

1) A customer has multiple e-mail domains, but only a single, public IP
address, and wants all e-mail domains names to show up in reverse DNS
lookups.

2) A customer is hosting multiple, virtual web sites from a single,
public IP address, and wants the reverse lookup for the IP address to
correspond to all web site FQDN's.

Any thoughts on this are most welcome, especially on how to accomplish
the same objectives in other ways.

Thanks in advance!

- Mark

- Mark C. Persiko, Level 3 Communications
- mark.persiko at level3.com<mailto:mark.persiko at level3.com>
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------