On 24 March 2015 at 01:57, Lev Olshvang <l...@nyotron.com> wrote:

> Hi Amos,
>
> I managed to persuade our sysadmin to give me permission in AD DNS server
> and I put there PTR record.

It should be part of his job - otherwise the PTR records will keep getting out of sync with the A/AAAA records.

> The question is whether it is possible to configure nsswitch, or dnsmasq,
> nscd or other resolver from doing reverse lookup.

Not that I'm aware - what do you expect it to do when the client asks to resolve an IP address? Always fail?

> *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
> *Sent:* Monday, March 23, 2015 12:50 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
> OK, I think I understand you now.
>
> Let's take a step back for a moment - you say that the client fails to
> resolve IP address back to hostnames and that causes you problems?
>
> How about configuring your DNS server to provide the right PTR records?
>
> --Amos
>
> On 23 March 2015 at 19:13, Lev Olshvang <l...@nyotron.com> wrote:
>
> Hi Amos,
>
> Perhaps I was not clear enough.
>
> Yes, I want to prevent client from revert lookup.
>
> The client is not my application, it is part of Linux installation in some
> docs named DNS resolver.
>
> It is configured in /etc/nsswitch.conf and then control flow of
> gethostbyname() does IP lookup and reverse lookup
>
> But back to my question – I see in sniffer DNS query for type A record
> issued and then DNS query for PTR record (reverse lookup)
>
> And I want to know if there is a way to configure nsswitch to prevent
> reverse since I already get IP with the peer.
>
> Hope now I explained the question more thoroughly.
>
> L.
>
> *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
> *Sent:* Sunday, March 22, 2015 10:08 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
> I'm not sure what you are trying to achieve here - PTR records and A
> records are completely separate entities living under different domains.
> Both of them should be maintained separately (there are probably tons of
> tools to keep them in sync if you like, but from DNS' perspective there is
> no relation between them).
>
> If you want to "prevent reverse lookup" then you should tell the client
> not to do this.
>
> On 22 March 2015 at 22:31, Lev Olshvang <l...@nyotron.com> wrote:
>
> Hi Linuxers,
>
> I am jumping on today’s DNS thread,
>
> My Linux Debian uses DNS service of some Windows server.
>
> Linux resolver gets back IP address (type A and AAAA records), but fails
> to get back PTR record.
>
> (I am observing DNS queries and failures with Wireshark)
>
> This causes ldap to use address instead of host name in authentication
> realm and fail.
>
> When I add address–hostname pairs in /etc/hosts, ldap succeeds. (it uses
> name in the realm claim)
>
> I did not yet find a way to change nsswitch.conf to some resolver that
> prevents reverse lookup,
>
> Please give me some ideas if it is possible.
>
> Lev.

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
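
The thread above turns on PTR records drifting out of sync with A/AAAA records, which the LDAP client only notices when authentication fails. The following is an added example, not part of the original thread, that checks each address of a host for a missing or mismatched PTR through the system resolver; the helper names are hypothetical and the sample host names and addresses are constructed.

```python
import ipaddress
import socket

def forward_ips(name):
    """A/AAAA lookup through the system resolver (nsswitch.conf order applies)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def reverse_name(ip):
    """PTR lookup through the system resolver; None when nothing answers."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_fcrdns(name, forward=forward_ips, reverse=reverse_name):
    """Return (ip, ptr_owner_name, problem) for every address of `name`
    whose PTR is missing or names a different host."""
    want = name.rstrip(".").lower()
    problems = []
    for ip in forward(name):
        # Owner name of the PTR record the DNS admin has to maintain.
        owner = ipaddress.ip_address(ip).reverse_pointer
        ptr = reverse(ip)
        if ptr is None:
            problems.append((ip, owner, "no PTR record"))
        elif ptr.rstrip(".").lower() != want:
            problems.append((ip, owner, "PTR points to " + ptr))
    return problems

# Constructed sample zone data (documentation address ranges, made-up hosts).
SAMPLE_A = {"dc1.corp.example": ["192.0.2.10", "2001:db8::10"],
            "ldap.corp.example": ["192.0.2.20"]}
SAMPLE_PTR = {"192.0.2.10": "dc1.corp.example.",
              "192.0.2.20": "old-ldap.corp.example."}

def check_sample(name):
    """Run the check against the constructed data instead of live DNS."""
    return check_fcrdns(name, SAMPLE_A.__getitem__, SAMPLE_PTR.get)

if __name__ == "__main__":
    for host in SAMPLE_A:
        for ip, owner, problem in check_sample(host):
            print(f"{host}: {ip} ({owner}): {problem}")
```

Calling `check_fcrdns("your.ldap.host")` with the default arguments uses the same resolver path as the client, so an entry in /etc/hosts satisfies the check just as it satisfied ldap in the thread.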