“Foreign” name in the reverse lookup zone

Barry Margolin barmar at alum.mit.edu
Wed Apr 17 16:07:07 UTC 2013


In article <mailman.146.1366210213.20661.bind-users at lists.isc.org>,
 PAVLOV Misha <Misha.Pavlov at socgen.com> wrote:

> Folks,
> 
> Wonder if someone can kindly confirm that there is nothing wrong with having 
> a PTR record in one of the subnet zone files (we are authoritative for) with PTR 
> to the name owned by another office (domain). A server 
> exchange.north.our.company (owned and registered in north.our.company domain) 
> installed here, on the same network as all local south.our.company machines. 
> We own, are authoritative and maintain the db.1.2.3 subnet reverse zone, but 
> not the north.our.company name registered far away.

There's nothing wrong with it, and it's done all the time. Consider the 
case where www.company.com server is hosted at a third party. The A 
record will be in the company's domain, but the PTR record will be in 
the hosting service's reverse domain.

Just make sure that there is a corresponding A record. Some software 
will check for this before believing the PTR record. This is mostly done 
in software that uses reverse lookups in security checks; for instance, 
if a hosts.allow file allows access from *.company.com, it can't just 
believe the PTR record because anyone can put "<some-addr> PTR 
foo.company.com." in their reverse zone.

-- 
Barry Margolin
Arlington, MA
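
The check described in the reply above (believe a PTR name only when that name has an A record pointing back at the same address), as an added example that is not part of the original post. The function names and the sample records are constructed for illustration; the lookups are passed in as parameters so the sample data can stand in for DNS.

```python
import ipaddress
import socket

def system_ptr(addr):
    """PTR names the system resolver returns for addr."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """Forward (A/AAAA) addresses the system resolver returns for name."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def confirmed_name(addr, domain, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return a PTR name under `domain` whose forward lookup includes addr, else None."""
    ip = ipaddress.ip_address(addr)
    suffix = "." + domain.lower().strip(".")
    for name in ptr_lookup(addr):
        host = name.lower().rstrip(".")
        if not host.endswith(suffix):
            continue  # PTR points outside the allowed domain
        for candidate in addr_lookup(host):
            try:
                if ipaddress.ip_address(candidate) == ip:
                    return host  # forward record confirms the PTR
            except ValueError:
                continue  # e.g. scoped IPv6 literal; cannot match
    return None

# Constructed sample data (documentation address ranges), standing in for DNS.
SAMPLE_PTR = {
    "192.0.2.10": ["www.company.com."],    # hosted at a third party, A record exists
    "203.0.113.66": ["foo.company.com."],  # PTR placed in someone else's reverse zone
    "198.51.100.5": ["exchange.north.our.company."],
}
SAMPLE_A = {
    "www.company.com": ["192.0.2.10"],
    "foo.company.com": ["192.0.2.20"],     # the name's real A record
    "exchange.north.our.company": ["198.51.100.5"],
}
def sample_ptr(addr): return SAMPLE_PTR.get(addr, [])
def sample_addrs(name): return SAMPLE_A.get(name, [])
```

Called without the last two arguments, `confirmed_name` uses the system resolver instead of the sample tables.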

