On Thu, Jun 4, 2009 at 13:57, Adam Katz <antis...@khopis.com> wrote:
> John Hardin wrote:
>> So that data comes from /etc/hosts. How does that materially affect the
>> FCrDNS sanity test?
>
> By definition, FCrDNS uses DNS lookups. Unless you're using dnsmasq,
> the entries in /etc/hosts are ignored during DNS lookups. Unless I'm
> mistaken, no FCrDNS implementation ever queries /etc/hosts (nor should
> it). This means FCrDNS will conclude that localhost does not resolve
> and that 127.0.0.1 has no rDNS (excepting cases where the admins have
> manually placed such entries into the local DNS).
>

That seems to be an important distinction for strict/rigorous/theoretical
discussions of "what is full circle reverse DNS", and things along those
lines... but I'm not sure if it really is an important distinction for the
practical matter of how you handle tests in SA.

some IP -> in-addr lookup -> localhost -> FAIL (because localhost isn't in
DNS, and thus the test failed because the name listed in the PTR record
doesn't resolve to an A record)

vs

some IP -> in-addr lookup -> localhost -> FAIL (because localhost is a
forbidden result)

vs

some IP -> in-addr lookup -> localhost -> 127.0.0.1 -> FAIL (because
locally we do have localhost in DNS, and 127.0.0.1 isn't the IP address we
started with)

vs

some IP -> in-addr lookup -> localhost -> 127.0.0.1 -> FAIL (because
locally we do have localhost in DNS, and 127.0.0.1 is a forbidden result)

All four of these are, practically speaking, the same, regardless of
whether or not you're saying that the first one is strictly speaking a
"full circle reverse DNS check".
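
The four paths in the message above, as an added example that is not part of the original thread and is not SpamAssassin's code: an FCrDNS check in Python whose resolver is replaced by constructed lookup tables so it runs offline. The function names, the two policy parameters and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed lookup tables standing in for the resolver (documentation addresses).
PTR = {"192.0.2.10": ["localhost."], "192.0.2.25": ["mail.example.org."]}
PUBLIC_DNS = {"mail.example.org": ["192.0.2.25"]}      # no "localhost" entry
LOCAL_DNS = dict(PUBLIC_DNS, localhost=["127.0.0.1"])  # admin added localhost


def fcrdns(ip, ptr, fwd, forbidden_names=(), forbid_loopback=False):
    """Return (passed, reason) for a forward-confirmed reverse DNS check."""
    start = ipaddress.ip_address(ip)
    reason = "no PTR record"
    for name in ptr.get(ip, []):
        name = name.rstrip(".").lower()
        if name in forbidden_names:
            reason = "PTR name is a forbidden result"
            continue
        addrs = [ipaddress.ip_address(a) for a in fwd.get(name, [])]
        if not addrs:
            reason = "PTR name does not resolve to an A record"
        elif forbid_loopback and any(a.is_loopback for a in addrs):
            reason = "forward lookup returned a forbidden address"
        elif start in addrs:
            return True, "forward-confirmed"
        else:
            reason = "forward lookup does not return the original IP"
    return False, reason


def four_cases(ip="192.0.2.10"):
    """The four paths from the message, in order; every one is a FAIL."""
    return [
        fcrdns(ip, PTR, PUBLIC_DNS),
        fcrdns(ip, PTR, PUBLIC_DNS, forbidden_names={"localhost"}),
        fcrdns(ip, PTR, LOCAL_DNS),
        fcrdns(ip, PTR, LOCAL_DNS, forbid_loopback=True),
    ]


if __name__ == "__main__":
    for passed, reason in four_cases():
        print("PASS" if passed else "FAIL", "-", reason)
    print(fcrdns("192.0.2.25", PTR, LOCAL_DNS))
```

Only the reason string differs between the four runs; the verdict a scoring rule would consume is the same in each.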