In article <mailman.710.1372442831.20661.bind-us...@lists.isc.org>, Charles Swiger <cswi...@mac.com> wrote:
> On Jun 28, 2013, at 10:54 AM, "Ward, Mike S" <mw...@ssfcu.org> wrote:
> > Hello all, is there any reason to set up reverse address entries for a zone?
>
> Certainly. Various software performs what's called a double-reverse lookup
> to confirm that the A and PTR records match.

Isn't that paranoid reverse lookup? Since reverse lookups can be faked (I'll spare the details here) some uses of in-addr.arpa also require a subsequent forward lookup. If there is no PTR record then the double lookup doesn't happen. I don't know of anything to be gained by requiring a reverse lookup after a forward lookup.

> > I have asked some of the admins here and the consensus from them is that
> > only A records are necessary. Is this true?
>
> I suppose that depends on how wide (or limited) one's view of "necessary" is.
>
> Many mail systems choose not to grant much trust towards IPs without good
> DNS.
> Java's SSL on some platform performs a double-reverse check and declines to
> proceed if there is a mismatch.

It's nice for humans too.

Sam
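The check discussed in this message (PTR lookup followed by a confirming forward lookup), as an added example that is not part of the original post or of BIND. The function names and the sample records are assumptions constructed for illustration; the resolvers are injectable so the sample runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name): 'confirmed', 'mismatch' or 'no-ptr'."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return ("no-ptr", None)      # nothing to confirm, no second lookup
    for name in names:
        for candidate in forward_lookup(name):
            try:
                if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                    return ("confirmed", name)
            except ValueError:
                continue
    return ("mismatch", None)        # PTR claims a name that does not map back

# Constructed sample zone data (documentation address ranges), not real records.
SAMPLE_PTR = {
    "192.0.2.10": ["host.example.net."],
    "192.0.2.66": ["mail.example.org."],   # PTR set by whoever runs the reverse zone
}
SAMPLE_A = {
    "host.example.net": ["192.0.2.10"],
    "mail.example.org": ["198.51.100.5"],  # the real forward zone disagrees
}

def check_sample(ip):
    return check_fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                        lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, check_sample(ip))
```

A consumer that treats "no-ptr" and "mismatch" differently (for example, a mail system that distrusts both but logs them separately) can branch on the first element of the result.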