Reverse address entries

Daniel McDonald dan.mcdonald at austinenergy.com
Tue Jul 2 13:53:33 UTC 2013


On 7/2/13 8:42 AM, "Sam Wilson" <Sam.Wilson at ed.ac.uk> wrote:

> There may be a subtle language thing going on here.  I read the original
> post above as saying, literally, "you need PTR records because various
> software tries to match A and PTR records".  It doesn't say "you need
> PTR records because some systems require PTR records (and if you have
> them they will also need to match the A records)".  PTR records are nice
> but they aren't a general requirement.
> 
> Can anyone here give examples of the types of various software that will
> not operate without a PTR record?

I've had trouble with OSI-Soft PI historian without reverse entries.  If
there is no reverse, then the PI software would spend about 30 seconds
looking in vain for a DNS answer before sending a SYN-ACK packet.  Since the
embryonic timer on a Cisco firewall is usually 20 seconds, the sessions
would simply not come up. I've seen similar things with openssh.

The other place reverse DNS is routinely queried is SMTP.  If you care
enough to send mail, you should care enough to set up your reverse entries
realistically so that spam filters will recognize that you are trying to
actively manage your email server and this isn't mail from a BOT...



> 
>> Now that IS a reason to add PTR for IP address, and they must point to
>> hostnames that point to the same IP.
> 
> I agree that if PTR records exist then they should match an A record.
> My experience (and IIRC correctly the word of several RFCs) is that PTRs
> are not required for most things to work.
> 
> Sam

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281
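
The check discussed in this thread (a PTR, where one exists, should name a host whose address records lead back to the same IP) can be written as follows. This is an added Python example, not code from any poster in the thread; the function names are hypothetical and the sample records are constructed from documentation addresses.

```python
import ipaddress
import socket

def system_reverse(ip):
    """Names the system resolver returns for ip; [] when there is no reverse entry."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_forward(name):
    """Addresses the system resolver returns for name; [] when it does not resolve."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def check_fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, names): 'no-ptr', 'mismatch' or 'confirmed'."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == target for a in forward(n))]
    return ("confirmed", confirmed) if confirmed else ("mismatch", names)

# Constructed sample zone data (RFC 5737 documentation addresses), not real records.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["old-name.example.com."],
}
SAMPLE_A = {
    "mail.example.com": ["192.0.2.10"],
    "old-name.example.com": ["192.0.2.99"],
}

def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_fcrdns(ip,
                        reverse=lambda addr: SAMPLE_PTR.get(addr, []),
                        forward=lambda name: SAMPLE_A.get(name, []))

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, *check_sample(addr))
```

Calling check_fcrdns(ip) with its defaults uses the system resolver, so the result also reflects /etc/hosts and any local resolver configuration.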



More information about the bind-users mailing list