
List:       pdns-dev
Subject:    [Pdns-dev] pdns_recursor, export-etc-hosts creates round-robin PTRs
From:       Andrew Boling <aboling () gmail ! com>
Date:       2011-07-23 22:07:44
Message-ID: CAPnMbcwxMJv00Fsa2iOHL+yCLELy3uvEj4Hd=N-qSAttO5+SpQ () mail ! gmail ! com

Obligatory apology: I did try to search for prior discussion of this topic
but didn't come up with anything. Sorry if this is covered territory. :)

When using the export-etc-hosts option of pdns_recursor, round-robin PTR
records are created in memory for all aliases associated with each IP
address defined in the hosts file. I'm inclined to believe that this is
undesirable behavior, as the general standard across platforms is that the
first name entry for an IP address in the hosts file is to be considered the
canonical name. The current implementation causes problems with software
that uses any form of name validation against PTR records (i.e. SSL certs or
Kerberos auth).

I am aware of the alternatives of using auth-zone or running a
separate authoritative server for the local domain, so this isn't a show
stopper for me. Round-robin PTRs do seem a little counter-intuitive though,
so I figured it wouldn't hurt to see how others felt about it.


As an example, if /etc/hosts contains the following line:
192.168.0.1    somehost.mydomain      somehost1 somehost2

Queries against the DNS server will return records like so:
somehost:/etc/powerdns# host -t PTR 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer somehost1.
1.0.168.192.in-addr.arpa domain name pointer somehost.mydomain.
1.0.168.192.in-addr.arpa domain name pointer somehost2.
somehost:/etc/powerdns# host -t PTR 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer somehost2.
1.0.168.192.in-addr.arpa domain name pointer somehost1.
1.0.168.192.in-addr.arpa domain name pointer somehost.mydomain.


OS: Debian Squeeze
Version: 3.2 (OS-supplied binary distro, no recompile)
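
The behaviour reported in the message above, modelled as an added example (not part of the original post and not PowerDNS code): it parses hosts-file text and compares a one-PTR-per-name export with the first-name-is-canonical convention, listing the reverse names that would answer with several PTRs. The function names and every sample line other than the 192.168.0.1 entry are constructed for illustration.

```python
import ipaddress

# Constructed sample: the 192.168.0.1 line is from the message, the rest is assumed.
SAMPLE_HOSTS = """\
# comment line
192.168.0.1    somehost.mydomain      somehost1 somehost2
192.168.0.2    single.mydomain        # trailing comment
::1            localhost6 ip6-loopback
"""

def parse_hosts(text):
    """Return {ip: [names in file order]}, merging repeated lines for one IP."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        names = table.setdefault(ip, [])
        for name in fields[1:]:
            if name.lower() not in (n.lower() for n in names):
                names.append(name)
    return table

def ptr_sets(table, all_names):
    """Map reverse name -> PTR targets.
    all_names=True models the reported behaviour (one PTR per name on the line);
    all_names=False models the convention that the first name is canonical."""
    out = {}
    for ip, names in table.items():
        chosen = names if all_names else names[:1]
        out[ip.reverse_pointer] = [n.rstrip(".") + "." for n in chosen]
    return out

def ambiguous_reverse(table):
    """Reverse names that get more than one PTR under the reported behaviour."""
    return sorted(r for r, t in ptr_sets(table, True).items() if len(t) > 1)

if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    for rev in ambiguous_reverse(t):
        print(rev, "reported:", ptr_sets(t, True)[rev],
              "canonical:", ptr_sets(t, False)[rev])
```

Running it against a real hosts file (read the file and pass its text to `parse_hosts`) shows which addresses would be affected before the option is enabled.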


