[dns-operations] how common is a 66-record answer section, i wonder?
Paul Vixie
paul at vix.com
Mon Aug 14 15:51:53 UTC 2006
> > i realize that .rhosts is dead, but there was a time when being able
> > to check gethostbyname(gethostbyaddr(getpeername(s))) == getpeername(s)
>
> Which only required a single PTR record. Adding extra PTR
> records usually meant adding extra lines to .rhosts as
> only the first PTR return was checked.
having personally fixed the rexec library to check multiple PTRs, i know.
> > was valuable, and being able to enumerate all of the owners of A RRs
> > that had the same rdata was therefore valuable.
> >
> > it's still in common use for anti-spam MTA's. postfix has an option
> > for "don't allow e-mail from hosts who don't have PTRs"
>
> This doesn't require multiple PTR's.
it does if the host you're coming from has multiple names it can HELO from.
conceptually this is an expansion of:
EXAMPLE.VIX.COM. IN A 128.45.1.1
1.1.45.128.IN-ADDR.ARPA. IN PTR EXAMPLE.VIX.COM.
to:
EXAMPLE1.VIX.COM. IN A 128.45.1.1
EXAMPLE2.VIX.COM. IN A 128.45.1.1
EXAMPLE3.VIX.COM. IN A 128.45.1.1
1.1.45.128.IN-ADDR.ARPA. IN PTR EXAMPLE1.VIX.COM.
                         IN PTR EXAMPLE2.VIX.COM.
                         IN PTR EXAMPLE3.VIX.COM.
and everything that was designed to work with the former should dependably
work with the latter. and a lot of small things, like me, now depend on it.
it isn't always possible, or desirable, to use a CNAME for EXAMPLE2 and
EXAMPLE3 as in the above example. multiple PTR rdatas are how to maintain
A/PTR symmetry in such cases.
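The check the post describes, gethostbyname(gethostbyaddr(getpeername(s))) == getpeername(s), extended so that every PTR rdata is forward-confirmed rather than only the first one, as an added example that is not part of the post or of any rexec or postfix code. It resolves against constructed in-memory A and PTR tables (FORWARD_A, REVERSE_PTR) mirroring the zone fragment above so it runs offline; the function names and the extra 128.45.1.2 entry, which carries a PTR name whose A record points elsewhere, are assumptions made for the illustration.

```python
# Added example: forward-confirmed reverse DNS across all PTR records.
# Lookups use constructed tables instead of the resolver so this runs offline.

# Constructed forward (A) data, following the zone fragment in the post.
FORWARD_A = {
    "example1.vix.com.": {"128.45.1.1"},
    "example2.vix.com.": {"128.45.1.1"},
    "example3.vix.com.": {"128.45.1.1"},
    "other.example.":    {"128.45.1.2"},
}

# Constructed reverse (PTR) data keyed by in-addr.arpa owner name.
# 128.45.1.2 lists a PTR for example1.vix.com. whose A record points to a
# different address; forward confirmation must not accept that name.
REVERSE_PTR = {
    "1.1.45.128.in-addr.arpa.": ["example1.vix.com.", "example2.vix.com.", "example3.vix.com."],
    "2.1.45.128.in-addr.arpa.": ["example1.vix.com.", "other.example."],
}


def canon(name: str) -> str:
    """Normalise a hostname: lower-case with a trailing dot (DNS names compare case-insensitively)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def reverse_name(ipv4: str) -> str:
    """Build the in-addr.arpa owner name for a dotted-quad IPv4 address."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_names(ipv4: str, reverse=REVERSE_PTR) -> list:
    """Every PTR rdata for an address, in zone order (a gethostbyaddr that keeps all answers)."""
    return [canon(n) for n in reverse.get(reverse_name(ipv4), [])]


def forward_addrs(name: str, forward=FORWARD_A) -> set:
    """Every A rdata for a name (gethostbyname)."""
    return set(forward.get(canon(name), set()))


def confirmed_names(ipv4: str) -> set:
    """PTR names whose own A records include the address, i.e. forward-confirmed names."""
    return {n for n in ptr_names(ipv4) if ipv4 in forward_addrs(n)}


def helo_confirmed(ipv4: str, helo: str) -> bool:
    """Accept a HELO name only if it is a forward-confirmed PTR name of the peer address."""
    return canon(helo) in confirmed_names(ipv4)


def helo_confirmed_first_ptr_only(ipv4: str, helo: str) -> bool:
    """The older behaviour quoted in the thread: only the first PTR rdata is consulted."""
    ptrs = ptr_names(ipv4)
    if not ptrs:
        return False
    first = ptrs[0]
    return canon(helo) == first and ipv4 in forward_addrs(first)


if __name__ == "__main__":
    for ip, helo in [("128.45.1.1", "EXAMPLE2.VIX.COM"), ("128.45.1.2", "example1.vix.com")]:
        print(ip, helo,
              "first-PTR-only:", helo_confirmed_first_ptr_only(ip, helo),
              "all-PTRs:", helo_confirmed(ip, helo))
```

With the symmetric zone from the post, a peer at 128.45.1.1 that HELOs as EXAMPLE2.VIX.COM passes only when all PTR rdatas are checked; the first-PTR-only variant rejects it, which is the .rhosts problem quoted above. The forward step is what keeps a stray PTR from being trusted: 128.45.1.2's PTR for example1.vix.com. is ignored because that name's A record does not contain 128.45.1.2.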