[dns-operations] how common is a 66-record answer section, i wonder?
Mark_Andrews at isc.org
Mon Aug 14 06:44:31 UTC 2006
> > I've never seen the benefit of multiple pointers in the
> > reverse tree. People just keep adding them until they
> > exceed the ability of the protocol to return. In reality
> > nothing depends on there being a matching ptr for a address.
> > The reverse however is not true.
> i realize that .rhosts is dead, but there was a time when being able
> to check gethostbyname(gethostbyaddr(getpeername(s))) == getpeername(s)
Which only required a single PTR record. Adding extra PTR
records usually meant adding extra lines to .rhosts as
only the first PTR returned was checked.
> was valuable, and being able to enumerate all of the owners of A RRs
> that had the same rdata was therefore valuable.
> it's still in common use for anti-spam MTA's. postfix has an option
> for "don't allow e-mail from hosts who don't have PTRs"
This doesn't require multiple PTR's.
> as well as
> "don't allow e-mail from hosts whose PTR isn't the same as their HELO"
Which breaks mail from behind NAT boxes. Even adding PTR's for
all the (mail) machines behind a NAT doesn't scale as eventually
you reach DNS's 64k message limit.
This one also assumes you can control your reverse name space.
> as well as "don't allow e-mail from hosts who aren't in the A RRset
> for the HELO name".
This doesn't require multiple PTR's. This just requires
that there are appropriate address records.
> i use all three, and i depend on them, and i like
> them, and so i find A-vs-PTR symmetry to be valuable, even w/o .rhosts.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
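The three MTA checks discussed in this thread, plus the old gethostbyname(gethostbyaddr()) symmetry test, written out as an added example; this is not code from the thread or from postfix. Resolver answers are injected from constructed dictionaries (PTR and A below are invented sample zone data) so it runs offline, and it mirrors the point that only the first PTR returned is ever compared.

```python
from dataclasses import dataclass

# Constructed sample reverse (PTR) and forward (A) data; not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.org", "www.example.org"],  # two PTRs; first is the MX
    "192.0.2.20": [],                                       # no PTR at all
    "192.0.2.30": ["pc1.nat.example.net"],                  # NAT box with a generic PTR
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.10"],
    "mx.example.net": ["192.0.2.30"],  # the HELO name used by hosts behind the NAT
}


@dataclass
class Verdict:
    has_ptr: bool               # "don't allow e-mail from hosts who don't have PTRs"
    ptr_matches_helo: bool      # "... whose PTR isn't the same as their HELO"
    helo_resolves_to_peer: bool # "... who aren't in the A RRset for the HELO name"

    @property
    def accept(self) -> bool:
        return self.has_ptr and self.ptr_matches_helo and self.helo_resolves_to_peer


def first_ptr(peer_ip: str, ptr=PTR):
    """Emulate gethostbyaddr(): only the first PTR in the answer is used."""
    names = ptr.get(peer_ip, [])
    return names[0] if names else None


def check_client(peer_ip: str, helo: str, ptr=PTR, a=A) -> Verdict:
    """Apply the three anti-spam checks to one SMTP client."""
    name = first_ptr(peer_ip, ptr)
    return Verdict(
        has_ptr=name is not None,
        ptr_matches_helo=name is not None and name.lower() == helo.lower(),
        helo_resolves_to_peer=peer_ip in a.get(helo.lower(), []),
    )


def rhosts_symmetry(peer_ip: str, ptr=PTR, a=A) -> bool:
    """gethostbyname(gethostbyaddr(peer)) == peer, using only the first PTR."""
    name = first_ptr(peer_ip, ptr)
    return name is not None and peer_ip in a.get(name, [])
```

The second PTR on 192.0.2.10 never helps: a client that says HELO www.example.org still fails the PTR-vs-HELO check, and the NAT host fails it even though its HELO name does resolve to the peer address.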