[dns-operations] how common is a 66-record answer section, i wonder?

Mark Andrews Mark_Andrews at isc.org
Mon Aug 14 06:44:31 UTC 2006


> > 	I've never seen the benefit of multiple pointers in the
> > 	reverse tree.  People just keep adding them until they
> > 	exceed the ability of the protocol to return.  In reality
> > 	nothing depends on there being a matching ptr for an address.
> > 	The reverse however is not true.
> 
> i realize that .rhosts is dead, but there was a time when being able
> to check gethostbyname(gethostbyaddr(getpeername(s))) == getpeername(s)

	Which only required a single PTR record.  Adding extra PTR
	records usually meant adding extra lines to .rhosts as
	only the first PTR return was checked.

> was valuable, and being able to enumerate all of the owners of A RRs
> that had the same rdata was therefore valuable.
> 
> it's still in common use for anti-spam MTA's.  postfix has an option
> for "don't allow e-mail from hosts who don't have PTRs"

	This doesn't require multiple PTR's.

> as well as
> "don't allow e-mail from hosts whose PTR isn't the same as their HELO"

	Which breaks mail from behind NAT boxes.  Even adding PTR's for
	all the (mail) machines behind a NAT doesn't scale as eventually
	you reach DNS's 64k message limit.

	This one also assumes you can control your reverse name space.

> as well as "don't allow e-mail from hosts who aren't in the A RRset
> for the HELO name".

	This doesn't require multiple PTR's.  This just requires
	that there are appropriate address records.

> i use all three, and i depend on them, and i like
> them, and so i find A-vs-PTR symmetry to be valuable, even w/o .rhosts.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
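The three anti-spam checks discussed above, plus the classic `gethostbyname(gethostbyaddr(addr)) == addr` symmetry test, as an added example that is not part of the thread. It runs against a constructed in-memory resolver stub (the names and the RFC 5737 documentation addresses are made up for illustration, not real DNS data), so it needs no network. The `first_only` switch reproduces the behaviour Mark describes, where only the first PTR returned is consulted, so a host whose HELO name is the second of several PTRs fails the match unless every PTR is examined; the NAT case shows why the "PTR must equal HELO" rule rejects hosts whose forward name points at an inside address.

```python
from __future__ import annotations

# Constructed sample zone data (hypothetical names, RFC 5737 test addresses).
PTR_RECORDS = {
    "192.0.2.10": ["www.example.net.", "mail.example.net."],  # two PTRs; the mail name is second
    "192.0.2.20": ["nat.example.org."],                       # public side of a NAT box
    "192.0.2.30": [],                                         # no reverse mapping at all
}
A_RECORDS = {
    "www.example.net.": ["192.0.2.10"],
    "mail.example.net.": ["192.0.2.10"],
    "nat.example.org.": ["192.0.2.20"],
    "inside.example.org.": ["10.0.0.5"],  # host behind the NAT; forward name maps to a private address
}


def canon(name: str) -> str:
    """Canonicalise an owner name: lowercase with exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def lookup_ptr(addr: str) -> list[str]:
    """Stand-in for gethostbyaddr(): every PTR owner name for addr, in zone order."""
    return [canon(n) for n in PTR_RECORDS.get(addr, [])]


def lookup_a(name: str) -> list[str]:
    """Stand-in for gethostbyname(): the A RRset for name."""
    return list(A_RECORDS.get(canon(name), []))


def has_ptr(addr: str) -> bool:
    """Check 1: reject hosts that have no PTR at all."""
    return bool(lookup_ptr(addr))


def ptr_matches_helo(addr: str, helo: str, first_only: bool = False) -> bool:
    """Check 2: the HELO name must appear among the PTRs (or only the first PTR, legacy style)."""
    names = lookup_ptr(addr)
    if first_only:
        names = names[:1]
    return canon(helo) in names


def helo_resolves_to_addr(addr: str, helo: str) -> bool:
    """Check 3: the connecting address must be in the A RRset of the HELO name."""
    return addr in lookup_a(helo)


def fcrdns(addr: str, first_only: bool = False) -> list[str]:
    """A-vs-PTR symmetry: PTR names whose own A RRset contains addr.

    Generalises gethostbyname(gethostbyaddr(addr)) == addr over every PTR
    rather than just the first one returned.
    """
    names = lookup_ptr(addr)
    if first_only:
        names = names[:1]
    return [n for n in names if addr in lookup_a(n)]


def evaluate(addr: str, helo: str, first_only: bool = False) -> dict[str, bool]:
    """Run all checks for one SMTP client and report each verdict separately."""
    return {
        "has_ptr": has_ptr(addr),
        "ptr_matches_helo": ptr_matches_helo(addr, helo, first_only),
        "helo_resolves_to_addr": helo_resolves_to_addr(addr, helo),
        "fcrdns": bool(fcrdns(addr, first_only)),
    }


if __name__ == "__main__":
    clients = [
        ("192.0.2.10", "mail.example.net"),    # multi-PTR host, HELO is the second PTR
        ("192.0.2.20", "inside.example.org"),  # host behind NAT announcing its inside name
        ("192.0.2.30", "mail.example.net"),    # no PTR, borrowed HELO
    ]
    for addr, helo in clients:
        print(addr, helo)
        print("  all PTRs  :", evaluate(addr, helo))
        print("  first only:", evaluate(addr, helo, first_only=True))
```

Each check is kept as its own function because the thread's point is that they fail for different reasons: the NAT host passes symmetry and has a PTR, yet fails both HELO-based rules, while the multi-PTR host only fails when the checker stops at the first PTR.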