Solved

Reverse DNS for host with multiple IPs

Posted on 2009-04-15
Last Modified: 2012-05-06
Correct me if I'm wrong, but I thought setting up reverse DNS for hosts with multiple IPs is pretty straightforward?

We have one customer that has 2 ADSL lines with 2 different suppliers and an internal mail server.  There are two A records set up for their mail server hostname pointing to the two different IPs.  Each supplier has set up reverse DNS entries for each IP resolving to the same hostname.  This has all worked fine for over a year.

Now one of the lines has been switched to a different supplier and their hostmaster is telling me it's not possible to set up rDNS for a host that has two forward lookup IPs??

I quote

"A single A record has to point to a single IP address, you cannot have mail.yourdomain.com pointing at 2 different IP addresses it just will not work."

That is true - a single A record has to point to a single IP.  But there's no reason why there can't be two A records for the same hostname right?

Or am I going senile?
Question by:devon-lad
4 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24149891

You're not senile. There's no real reason a PTR record cannot point to an A record acting as part of a Round Robin set (multiple A records for a single name resource).

It's all fine as long as your network kit is capable of coping with the connections coming in on two different IPs, I assume it is if you've been running that successfully.

Chris
0
 
LVL 1

Author Comment

by:devon-lad
ID: 24150414
Thanks for that Chris.

And there's no reason why rDNS cannot be set up so that two different IPs with two different suppliers resolve to the same hostname, right?

I'm thinking it must be ok, because this is what we've had for the past year or so.

Need to find a link to something official that says the above in a nutshell, because this guy is not listening to me.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24151565

It comes under RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt) which makes the following recommendation:

   Make sure your PTR and A records match.  For every IP address, there
   should be a matching PTR record in the in-addr.arpa domain.  If a
   host is multi-homed, (more than one IP address) make sure that all IP
   addresses have a corresponding PTR record (not just the first one).

Your system in this instance is multi-homed so to conform to that recommendation it must have a PTR record for each IP, pointing back to the same name (because it is the same host).

We can resort to Wikipedia for the rest, because it describes FCrDNS which is used in some instances (rather than just a ReverseDNS check). This process is not defined in an RFC so it's about as good as we get.

http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS

Paying special attention to the highlighted "any":

> For each domain name mentioned in the PTR records, a regular DNS lookup is done to see
> if **any** of the A or AAAA records match the original IP address

He won't need Round Robin proving for the forward lookup as well will he?

Chris
0
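Added example, not part of the original thread: a small FCrDNS audit for the multi-homed mail host described above, showing that each IP passes as long as its PTR name has *any* A record matching that IP. The hostname `mail.example.com.`, the documentation-range addresses and the in-memory record tables are constructed assumptions standing in for real DNS lookups.

```python
import ipaddress

# Constructed sample data (documentation addresses, not from the thread):
# one mail host, two A records, one PTR per address held by two suppliers.
A_RECORDS = {"mail.example.com.": ["192.0.2.10", "198.51.100.20"]}
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": ["mail.example.com."],
    "20.100.51.198.in-addr.arpa.": ["mail.example.com."],
}


def lookup_ptr(ip, ptr_records):
    """Return the PTR targets for an IP from the supplied table."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    return ptr_records.get(owner, [])


def lookup_a(name, a_records):
    """Return every A record for a name (the whole round-robin set)."""
    return a_records.get(name.lower(), [])


def fcrdns(ip, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """Names that forward-confirm ip: a PTR name passes if ANY of its
    A records equals the original address."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in lookup_ptr(ip, ptr_records):
        addrs = lookup_a(name, a_records)
        if any(ipaddress.ip_address(a) == want for a in addrs):
            confirmed.append(name)
    return confirmed


def audit_host(name, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """RFC 1912 style check for a multi-homed host: every address in the
    A set must have a PTR that points back to the same name."""
    return {
        ip: name.lower() in fcrdns(ip, ptr_records, a_records)
        for ip in lookup_a(name, a_records)
    }


if __name__ == "__main__":
    for ip, ok in audit_host("mail.example.com.").items():
        print(f"{ip}: {'FCrDNS ok' if ok else 'PTR missing or mismatched'}")
```

Swapping the two lookup functions for real resolver calls turns this into a live check; the pass/fail logic stays the same.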
 
LVL 1

Author Comment

by:devon-lad
ID: 24155400
Ah, that will do it.

Thanks Chris
0
