[dns-operations] You live in a dump, Quoyle!

Petr Špaček pspacek at isc.org
Tue Feb 15 08:47:12 UTC 2022


On 14. 02. 22 19:31, Viktor Dukhovni wrote:
> On Mon, Feb 14, 2022 at 09:48:09AM -0800, Fred Morris wrote:
> 
>> They're full (the DNS is full) of patterns and antipatterns. One fractal
>> rabbit hole example: [0]
>>
>> [0] The DNS protocol allows multiple rvalues per type per oname. This
>> works ok for e.g. A/AAAA, is disallowed for CNAME, and is... I'm not sure
>> what it is for PTR records.
> 
> Multiple PTR records are legal, but not a best (or even sound) practice.
> 
>> If an app is using hostnames in ACLs, it means you need to list them
>> all.
> 
> SMTP servers in some cases require clients to have FCrDNS
> (forward-canonicalised reverse DNS) names.  This requires
> the DNS to return:
> 
>      client IP -> pick a PTR -> A/AAAA RRSet including same IP
> 
> this works even in the presence of multiple PTRs, provided they all
> resolve to address lists that contain the input address.
> 
> Things tend to work poorly when automation adds a PTR record for
> every forward "name -> IP" mapping with a given address.  One
> then sometimes ends up with absurdly large PTR RRsets that
> consume tens of KB in a TCP fallback after TC=1.
> 
> Best practice is to choose just one "primary" name as the PTR
> for a given IP.

Things tend to work poorly in other cases, too.

My favorite is:
$ dig -x 66.172.247.9
and associated
$ dig cmts1-dhcp.longlines.com

-- 
Petr Špaček
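The FCrDNS check Viktor describes (client IP -> pick a PTR -> A/AAAA RRset that must contain the same IP), as an added example that is not part of this thread. It uses a constructed in-memory stand-in for the PTR and forward lookups, so it runs offline; the addresses and hostnames are documentation-range placeholders, and the "all PTRs must confirm" policy follows the "provided they all resolve" condition above.

```python
import ipaddress

# Constructed sample data standing in for real PTR and A/AAAA lookups.
# 192.0.2.10 has several PTRs, one of which is stale and no longer points back.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.net.", "www.example.net.", "old.example.net."],
    "192.0.2.20": ["orphan.example.org."],
}
FORWARD_RECORDS = {
    "mail.example.net.": ["192.0.2.10"],
    "www.example.net.": ["192.0.2.10", "198.51.100.7"],
    "old.example.net.": ["198.51.100.9"],   # stale forward: does not confirm
    # "orphan.example.org." has no A/AAAA at all
}


def reverse_name(ip):
    """Owner name that would be queried for the PTR (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns_names(ip, ptr_lookup=PTR_RECORDS.get, forward_lookup=FORWARD_RECORDS.get):
    """Split the PTR names of `ip` into those that forward-confirm and those that fail.

    A PTR target is confirmed only when its A/AAAA RRset contains the original
    address. A receiving MTA may pick any one PTR from the set, so with several
    PTRs the sound policy is that every one of them must confirm.
    """
    confirmed, failed = [], []
    for name in ptr_lookup(ip) or []:
        addrs = forward_lookup(name) or []
        (confirmed if ip in addrs else failed).append(name)
    return confirmed, failed


def fcrdns_ok(ip, require_all=True):
    """Policy decision: does the client address pass FCrDNS?"""
    confirmed, failed = fcrdns_names(ip)
    if not confirmed:
        return False
    return not failed if require_all else True
```

Swapping the two lookup callables for real resolver queries gives the same decision logic against live data.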
