[ On Wednesday, February 6, 2002 at 21:47:20 (+0100), bhoc@??? wrote: ]
> Subject: Re: Reverse Mappings
>
> Thanks to all who mailed me. That wasn't my best example ever. I *do* have
> an A record for my MX... I don't care about *my* exim that is bounced by
> others...
>
> What I tried to convey is that not every reverse lookup will necessarily
> reveal the same host.
Well, actually, if you follow the DNS RFCs, every reverse lookup "MUST"
reveal the same host or host_s_.
> <better example>
>
> foo.org MX 10 mail.foo.org
> foo.org NS ns.isp.com
> mail.foo.org IN A 123.1.2.3
>
> bar.net MX 10 mail.bar.net
> bar.net NS ns.isp.com
> mail.bar.net IN A 123.1.2.3
>
> isp.com MX 10 mail.isp.com
> isp.com NS ns.isp.com
> mail.isp.com IN A 123.1.2.3
> 3.2.1.123.in-addr.arpa IN PTR mail.isp.com.
>
> </better example>
Nope, not better -- bogus and broken by definition. In such an scenario
you MUST have a PTR for every hostname that points to a given address.
I.e. your example is missing the following critical PTRs:
3.2.1.123.in-addr.arpa. IN PTR mail.bar.net.
3.2.1.123.in-addr.arpa. IN PTR mail.foo.org.
(yes, you really "MUST" have multiple PTRs in such a scenario!)
Note that this bogosity is even worse than it looks and such scenarios
are fundamentally limited by the number of PTRs that can reasonably be
returned in a single DNS lookup.
You really REALLY want _only_ the following:
foo.org. IN MX 10 mail.isp.com.
bar.net. IN MX 10 mail.isp.com.
isp.com. IN MX 10 mail.isp.com.
mail.isp.com. IN MX 10 mail.isp.com.
mail.isp.com. IN A 123.1.2.3
3.2.1.123.in-addr.arpa. IN PTR mail.isp.com.
That's it. Nothing more, nothing less. Any attempt to define A RRs for
every virtual mail domain is literally stupid and self-limiting. Same
for virtual HTTP domains -- just use the 'Host:' header! (there is no
such thing as a "virtual" HTTPS domain -- you need separate IP#s for
them, so no worries there)
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
