“Foreign” name in the reverse lookup zone
Barry Margolin
barmar at alum.mit.edu
Wed Apr 17 16:07:07 UTC 2013
In article <mailman.146.1366210213.20661.bind-users at lists.isc.org>,
PAVLOV Misha <Misha.Pavlov at socgen.com> wrote:
> Folks,
>
> Wonder if someone can kindly confirm that there is nothing wrong with having
> a PTR record in one of the subnet zone files (we are authoritative for) with PTR
> to the name owned by another office (domain). A server
> exchange.north.our.company (owned and registered in north.our.company domain)
> installed here, on the same network as all local south.our.company machines.
> We own, are authoritative and maintain the db.1.2.3 subnet reverse zone, but
> not the north.our.company name registered far away.

There's nothing wrong with it, and it's done all the time. Consider the
case where www.company.com server is hosted at a third party. The A
record will be in the company's domain, but the PTR record will be in
the hosting service's reverse domain.

Just make sure that there is a corresponding A record. Some software
will check for this before believing the PTR record. This is mostly done
in software that uses reverse lookups in security checks; for instance,
if a hosts.allow file allows access from *.company.com, it can't just
believe the PTR record because anyone can put "<some-addr> PTR
foo.company.com." in their reverse zone.
--
Barry Margolin
Arlington, MA
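
The check described in the reply above (commonly called forward-confirmed reverse DNS), as an added example that is not part of the original post: a PTR name is trusted for an access decision only if its forward lookup returns the connecting address. The function names, the injectable resolver callables and the sample records (documentation address ranges, names taken from the thread) are assumptions made for illustration.

```python
import fnmatch
import ipaddress
import socket

def system_ptr(addr):
    """PTR names for addr via the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def confirmed_names(addr, ptr=system_ptr, forward=system_forward):
    """Return the PTR names of addr whose forward lookup includes addr."""
    ip = ipaddress.ip_address(addr)
    good = []
    for name in ptr(addr):
        name = name.rstrip(".").lower()
        addrs = set()
        for a in forward(name):
            try:
                addrs.add(ipaddress.ip_address(a))
            except ValueError:   # e.g. scoped IPv6 literal; skip it
                continue
        if ip in addrs:          # PTR is backed by a matching A/AAAA record
            good.append(name)
    return good

def allowed(addr, pattern, ptr=system_ptr, forward=system_forward):
    """Wildcard access decision that matches only against confirmed names."""
    names = confirmed_names(addr, ptr, forward)
    return any(fnmatch.fnmatchcase(n, pattern.lower()) for n in names)

# Constructed sample records, used instead of live DNS so this runs offline.
PTR = {"192.0.2.10": ["exchange.north.our.company."],  # "foreign" name, legit
       "203.0.113.66": ["foo.company.com."]}           # PTR anyone could publish
A = {"exchange.north.our.company": ["192.0.2.10"],     # corresponding A record
     "foo.company.com": ["198.51.100.5"]}              # real A points elsewhere

def sample_ptr(addr): return PTR.get(addr, [])
def sample_forward(name): return A.get(name, [])
```

With the sample records, the "foreign" name in the locally maintained reverse zone is accepted because north.our.company publishes the matching A record, while the unbacked `foo.company.com` PTR yields no confirmed name.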