1. Forum
  2. Newsgroups
  3. comp.protocols.dns.bind

  • RE: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re:Dumb Question is an A or AAAA record required?

    From DeCaro, James John (Jim) CIV DISA FE (USA)@james.j.decaro3.civ@mail.mil to bind-users@lists.isc.org on Thu Jul 9 15:49:32 2020
    From Newsgroup: comp.protocols.dns.bind

    We have an application that queries reverse lookups on clients trying to access it in order to verify the client and its IP are legit and a part of the correct domain/acl.. So if the pointer record does not match, the client is rejected. I don't know if that is relevant in this case, but it provides an example.
    -----Original Message-----
    From: bind-users <bind-users-bounces@lists.isc.org> On Behalf Of Michael De Roover
    Sent: Thursday, July 9, 2020 11:20 AM
    To: bind-users@lists.isc.org
    Subject: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?
    All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
    ----
    On 7/9/20 5:03 PM, Reindl Harald wrote:
    but it still has nothing to do with your domain by definition, the PTR
    could be anything
    Of course it can be, they're completely separate name spaces. However
    would it make any sense in practice to point it somewhere else entirely?
    You'd probably be better off not setting it at all then. I'd argue that they're meant to match each other.
    but how does that change anything in the simple fact that "Would the
    lack of A records affect pointer records? Seems like it would" given
    that the PTR zone is a dns zone like anything else
    while it's smart (at least when you want to send mails) that your IP has
    a sane PTR and that the name maps back to the IP the dns system couldn't
    care less
    My thoughts exactly. They can technically be different and the DNS
    itself indeed couldn't care less (but applications checking for that
    might).. but would it make sense to? I mean yeah I suppose that they can
    exist without the other. Not uncommon for A records to be without PTR
    records, and I guess that a PTR record without an A record could work
    too..? But again, aside from the theoretical possibility, why would you
    want to set your PTR records to not match at least one of your A records?
    --
    Met vriendelijke groet / Best regards,
    Michael De Roover
    _______________________________________________
    Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
    ISC funds the development of this software with paid support subscriptions. Contact us at Caution-https://www.isc.org/contact/ for more information.
    bind-users mailing list
    bind-users@lists.isc.org Caution-https://lists.isc.org/mailman/listinfo/bind-users
    --- Synchronet 3.18a-Linux NewsLink 1.113