Re: DNS: inverse lockup returning multiple host names --- allowed or not allowed?
On Fri, 2006-01-27 at 18:44 +0100, . wrote:
> Hi,
>
> I'm trying to find out if it is allowed to have several hostnames being
> returned from inverse DNS queries (example see below). RFC 1034 and RFC
> 1035 don't seem to answer that question.
>
>
> Example:
>
>
> > bulma:~# dig -x 193.158.67.67
> >
> > ; <<>> DiG 9.2.1 <<>> -x 193.158.67.67
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14939
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;67.67.158.193.in-addr.arpa. IN PTR
> >
> > ;; ANSWER SECTION:
> > 67.67.158.193.in-addr.arpa. 77637 IN PTR bulma.condor-werke.com.
> > 67.67.158.193.in-addr.arpa. 77637 IN PTR vegeta.condor-werke.com.
> > 67.67.158.193.in-addr.arpa. 77637 IN PTR fairlane.condor-werke.com.
> >
> > ;; AUTHORITY SECTION:
> > 67.158.193.in-addr.arpa. 77637 IN NS pns.dtag.de.
> > 67.158.193.in-addr.arpa. 77637 IN NS secondary007.dtag.net.
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Fri Jan 27 17:09:21 2006
> > ;; MSG SIZE rcvd: 184
> >
> > bulma:~# dig PTR 67.67.158.193.in-addr.arpa
> >
> > ; <<>> DiG 9.2.1 <<>> PTR 67.67.158.193.in-addr.arpa
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24431
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;67.67.158.193.in-addr.arpa. IN PTR
> >
> > ;; ANSWER SECTION:
> > 67.67.158.193.in-addr.arpa. 77635 IN PTR vegeta.condor-werke.com.
> > 67.67.158.193.in-addr.arpa. 77635 IN PTR fairlane.condor-werke.com.
> > 67.67.158.193.in-addr.arpa. 77635 IN PTR bulma.condor-werke.com.
> >
> > ;; AUTHORITY SECTION:
> > 67.158.193.in-addr.arpa. 77635 IN NS pns.dtag.de.
> > 67.158.193.in-addr.arpa. 77635 IN NS secondary007.dtag.net.
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Fri Jan 27 17:09:23 2006
> > ;; MSG SIZE rcvd: 184
> >
> > bulma:~#
>
>
> As you can see, the inverse lookup does return three hostnames that
> share the same IP address (because they are behind a gateway). All the
> hostnames returned are primary hostnames from the hosts' point of view.
> But one could argue that from the point of view of those who do the
> inverse lookup, only one of the names returned can possibly be a primary
> host name or that at last it cannot be (easily) decided which one is a
> primary host name or which one should be used from there on for the
> purposes the request was made for.
>
> It could also be argued that an inverse lookup _should_ always return an
> unambigous result, in the same way in that CNAME records are supposed to
> always point to a primary hostname rather than to other CNAME records.
>
> But RFC 1035 explicity states that answers to inverse lookups may yield
> inconsistent data because "the IN-ADDR.ARPA special domain and the
> normal domain for a particular host or gateway will be in different
> zones". That applies especially to hosts having multiple IP addresses
> (like the gateways).
>
> Yet I've found no example of an IP address resolving into multiple host
> names when making an inverse lockup on that address.
>
>
the RFC's dont explicitly deny the use of multiple PTR records. but all
books i have read, bot on dns and on bind discourage it's usage.
The returned hostnames from the PTR records are returned in a random
order. so it's dificult to predict witch is returned. and i don't know
of any software that checks anything but the first returned result.
with regards
Ronny Aasen
Reply to: