[dns-operations] You live in a dump, Quoyle!
Petr Špaček
pspacek at isc.org
Tue Feb 15 08:47:12 UTC 2022
On 14. 02. 22 19:31, Viktor Dukhovni wrote:
> On Mon, Feb 14, 2022 at 09:48:09AM -0800, Fred Morris wrote:
>
>> They're full (the DNS is full) of patterns and antipatterns. One fractal
>> rabbit hole example: [0]
>>
>> [0] The DNS protocol allows multiple rvalues per type per oname. This
>> works ok for e.g. A/AAAA, is disallowed for CNAME, and is... I'm not sure
>> what it is for PTR records.
>
> Multiple PTR records are legal, but not a best (or even sound) practice.
>
>> If an app is using hostnames in ACLs, it means you need to list them
>> all.
>
> SMTP servers in some cases require clients to have FCrDNS
> (forward-canonicalised reverse DNS) names. This requires
> the DNS to return:
>
> client IP -> pick a PTR -> A/AAAA RRSet including same IP
>
> this works even in the presence of multiple PTRs, provided they all
> resolve to address lists that contain the input address.
>
> Things tend to work poorly when automation adds a PTR record for
> every forward "name -> IP" mapping with a given address. One
> then sometimes ends up with absurdly large PTR RRsets that
> consume tens of KB in a TCP fallback after TC=1.
>
> Best practice is to choose just one "primary" name as the PTR
> for a given IP.
Things tend to work poorly in other cases, too.
My favorite is:
$ dig -x 66.172.247.9
and associated
$ dig cmts1-dhcp.longlines.com
--
Petr Špaček
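Added example, not part of the thread or of any of the posters' code: the FCrDNS check Viktor describes (client IP -> PTR -> A/AAAA RRset that must contain the same IP), implemented in Python over an invented in-memory zone so it runs offline, together with a worst-case wire-size estimate for the oversized PTR RRsets he mentions. Every name and address below is constructed from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 2001:db8::/32; the ZONE table and zone_lookup() stand in for a real resolver and are assumptions of this example.

```python
"""FCrDNS (forward-confirmed reverse DNS) check over an injected resolver.

Constructed example for the dns-operations thread above; the zone data is
invented to cover the cases discussed: one primary PTR, several PTRs that
all forward-confirm, and a stale PTR left behind by automation.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple

# Hypothetical zone data keyed by (owner, rrtype); names are fully qualified
# without the trailing dot for readability.
ZONE: Dict[Tuple[str, str], List[str]] = {
    # 192.0.2.10: a single "primary" PTR whose forward record agrees.
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.net"],
    ("mail.example.net", "A"): ["192.0.2.10"],
    # 192.0.2.20: several PTRs, and every one resolves back to the IP.
    ("20.2.0.192.in-addr.arpa", "PTR"): ["www.example.net", "smtp.example.net"],
    ("www.example.net", "A"): ["192.0.2.20", "192.0.2.21"],
    ("smtp.example.net", "A"): ["192.0.2.20"],
    # 192.0.2.30: automation added a PTR per forward mapping; one of those
    # names has since moved to another address, so that PTR no longer confirms.
    ("30.2.0.192.in-addr.arpa", "PTR"): ["old.example.net", "host30.example.net"],
    ("old.example.net", "A"): ["198.51.100.7"],
    ("host30.example.net", "A"): ["192.0.2.30"],
    # 2001:db8::25: IPv6 goes through ip6.arpa and AAAA, otherwise identical.
    (ipaddress.ip_address("2001:db8::25").reverse_pointer, "PTR"): ["mx6.example.net"],
    ("mx6.example.net", "AAAA"): ["2001:db8::25"],
    # 192.0.2.40: PTR present, but the target name has no forward records at all.
    ("40.2.0.192.in-addr.arpa", "PTR"): ["ghost.example.net"],
}


def zone_lookup(name: str, rtype: str) -> List[str]:
    """Stand-in for a resolver: return the RRset for (name, rtype) or []."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def fcrdns(ip: str,
           lookup: Callable[[str, str], List[str]] = zone_lookup
           ) -> Tuple[List[str], List[str]]:
    """Return (confirmed, rejected) PTR targets for a client address.

    A PTR target is confirmed only if its A (IPv4) or AAAA (IPv6) RRset
    contains the original address.  With multiple PTRs each target is
    judged on its own, so a stale entry does not poison the others.
    """
    addr = ipaddress.ip_address(ip)          # normalises e.g. 2001:0db8::25
    fwd_type = "A" if addr.version == 4 else "AAAA"
    confirmed: List[str] = []
    rejected: List[str] = []
    for target in lookup(addr.reverse_pointer, "PTR"):
        forward = {ipaddress.ip_address(a) for a in lookup(target, fwd_type)}
        (confirmed if addr in forward else rejected).append(target)
    return confirmed, rejected


def wire_name_len(name: str) -> int:
    """Uncompressed wire length of a name: a length byte per label plus the root."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return sum(1 + len(lbl) for lbl in labels) + 1


def ptr_rrset_wire_size(targets: List[str]) -> int:
    """Upper bound on the answer-section bytes for a PTR RRset.

    Per RR: 2-byte compression pointer to the owner, TYPE(2), CLASS(2),
    TTL(4), RDLENGTH(2), then the target name in RDATA.  Real servers may
    also compress the RDATA name, so this is a worst-case figure.
    """
    return sum(2 + 2 + 2 + 4 + 2 + wire_name_len(t) for t in targets)


def fits_in_udp(targets: List[str], limit: int = 512) -> bool:
    """Does the RRset fit a plain 512-byte UDP answer (no EDNS)?  Otherwise
    the response is truncated (TC=1) and clients retry over TCP."""
    return ptr_rrset_wire_size(targets) <= limit


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25", "192.0.2.40"):
        print(client, fcrdns(client))
    bloated = [f"host{i:04d}.dhcp.example.net" for i in range(1000)]
    print("1000 PTRs:", ptr_rrset_wire_size(bloated), "bytes, fits UDP:", fits_in_udp(bloated))
```

Running it shows 192.0.2.20 confirming both of its PTRs, 192.0.2.30 confirming only host30.example.net, and a 1000-record PTR RRset of short names weighing in around 39 KB, well past any UDP payload and into the TCP fallback Viktor describes.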