On 14. 02. 22 19:31, Viktor Dukhovni wrote:
> On Mon, Feb 14, 2022 at 09:48:09AM -0800, Fred Morris wrote:
> 
> > They're full (the DNS is full) of patterns and antipatterns. One fractal
> > rabbit hole example: [0]
> > 
> > [0] The DNS protocol allows multiple rvalues per type per oname. This
> > works ok for e.g. A/AAAA, is disallowed for CNAME, and is... I'm not sure
> > what it is for PTR records.

> Multiple PTR records are legal, but not a best (or even sound) practice.
> 
> If an app is using hostnames in ACLs, it means you need to list them
> all.
> 
> SMTP servers in some cases require clients to have FCrDNS
> (forward-canonicalised reverse DNS) names.  This requires
> the DNS to return:
> 
>      client IP -> pick a PTR -> A/AAAA RRSet including same IP
> 
> this works even in the presence of multiple PTRs, provided they all
> resolve to address lists that contain the input address.
> 
> Things tend to work poorly when automation adds a PTR record for
> every forward "name -> IP" mapping with a given address.  One
> then sometimes ends up with absurdly large PTR RRsets that
> consume tens of KB in a TCP fallback after TC=1.
> 
> Best practice is to choose just one "primary" name as the PTR
> for a given IP.

Things tend to work poorly in other cases, too.

My favorite is:
$ dig -x 66.172.247.9
and associated
$ dig cmts1-dhcp.longlines.com

--
Petr Špaček
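The FCrDNS check Viktor describes (client IP -> pick a PTR -> A/AAAA RRset containing that IP), and why a multi-PTR RRset only works if every PTR forward-confirms, as an added example written for this thread rather than code from any of the posters. It runs against constructed in-memory zone data (RFC 5737/3849 documentation addresses and example.net names, all hypothetical) in place of a real resolver, and the RRset size helper is an uncompressed-rdata estimate, not a measurement of any real zone.

```python
"""FCrDNS (forward-confirmed reverse DNS) against constructed zone data."""
import ipaddress
from typing import Callable, List, Tuple

# Constructed sample records (hypothetical); stand-ins for real DNS lookups.
_V6 = ipaddress.ip_address("2001:db8::25")
REVERSE_ZONE = {
    # One IPv4 address with an automation-bloated PTR RRset: two names
    # forward-confirm, one is stale and points elsewhere.
    "25.2.0.192.in-addr.arpa": [
        "mail.example.net.",
        "www.example.net.",
        "stale.example.net.",
    ],
    # One IPv6 address with a single "primary" PTR, as recommended.
    _V6.reverse_pointer: ["mail.example.net."],
}
FORWARD_ZONE = {
    "mail.example.net.": ["192.0.2.25", "2001:db8::25"],
    "www.example.net.": ["192.0.2.25", "192.0.2.26"],
    "stale.example.net.": ["198.51.100.7"],   # no longer on 192.0.2.25
}


def lookup_ptr(reverse_name: str) -> List[str]:
    """Stand-in for a PTR query; returns an empty RRset for unknown names."""
    return REVERSE_ZONE.get(reverse_name, [])


def lookup_addr(name: str) -> List[str]:
    """Stand-in for A+AAAA queries on a hostname."""
    return FORWARD_ZONE.get(name, [])


def fcrdns_report(
    ip: str,
    ptr_lookup: Callable[[str], List[str]] = lookup_ptr,
    addr_lookup: Callable[[str], List[str]] = lookup_addr,
) -> Tuple[List[str], List[str]]:
    """Split the PTR names of `ip` into (confirmed, unconfirmed).

    A PTR is confirmed when its A/AAAA RRset contains the original IP,
    which is exactly the 'pick a PTR -> RRset including same IP' step.
    """
    addr = ipaddress.ip_address(ip)            # handles v4 and v6 alike
    confirmed, unconfirmed = [], []
    for name in ptr_lookup(addr.reverse_pointer):
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        (confirmed if addr in forward else unconfirmed).append(name)
    return confirmed, unconfirmed


def passes_with_any_pick(ip: str) -> bool:
    """True only if a server that picks an arbitrary PTR always succeeds.

    This is the condition in the thread: with several PTRs, *all* of them
    must resolve back to the client IP, otherwise the outcome depends on
    which PTR the SMTP server happens to choose.
    """
    confirmed, unconfirmed = fcrdns_report(ip)
    return bool(confirmed) and not unconfirmed


def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a domain name: each label is
    length byte + bytes, plus the terminating zero-length root label."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return sum(1 + len(lab) for lab in labels) + 1


def ptr_rrset_wire_size(names: List[str]) -> int:
    """Rough answer-section size of a PTR RRset (assumption: owner name
    compressed to a 2-byte pointer, rdata names uncompressed):
    per record 2 (owner ptr) + 2 TYPE + 2 CLASS + 4 TTL + 2 RDLENGTH + rdata.
    Useful for seeing how fast an automation-generated RRset outgrows
    a 512-byte UDP answer and forces TC=1."""
    return sum(12 + name_wire_len(n) for n in names)


if __name__ == "__main__":
    for ip in ("192.0.2.25", "2001:db8::25", "203.0.113.1"):
        ok, bad = fcrdns_report(ip)
        print(f"{ip}: confirmed={ok} unconfirmed={bad} "
              f"robust={passes_with_any_pick(ip)}")
    print("PTR RRset bytes:", ptr_rrset_wire_size(
        REVERSE_ZONE["25.2.0.192.in-addr.arpa"]))
```

The IPv4 client here is the antipattern from the thread: two of its three PTRs forward-confirm, so a lenient server that picks `mail.example.net.` accepts it while one that picks `stale.example.net.` rejects it, and `passes_with_any_pick` reports that inconsistency as a failure. The IPv6 client with a single primary PTR passes regardless of which PTR is chosen.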

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations