[Pdns-dev] pdns_recursor, export-etc-hosts creates round-robin PTRs
Andrew Boling
aboling at gmail.com
Sun Jul 24 00:07:44 CEST 2011
Obligatory apology: I did try to search for prior discussion of this topic
but didn't come up with anything. Sorry if this is covered territory. :)
When using the export-etc-hosts option of pdns_recursor, round-robin PTR
records are created in memory for both all aliases associated with each IP
address defined in the hosts file. I'm inclined to believe that this is
undesirable behavior, as the general standard across platforms is that the
first name entry for an IP address in the hosts file is to be considered the
canonical name. The current implementation causes problems with software
that uses any form of name validation against PTR records (i.e. SSL certs or
Kerberos auth).
I am aware of the alternatives of using auth-zone or running a
separate authoritative server for the local domain, so this isn't a show
stopper for me. Round-robin PTRs do seem a little counter-intuitive though,
so I figured it wouldn't hurt to see how others felt about it.
As an example, if /etc/hosts contains the following line:
192.168.0.1 somehost.mydomain somehost1 somehost2
Queries against the DNS server will return records like so:
somehost:/etc/powerdns# host -t PTR 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer somehost1.
1.0.168.192.in-addr.arpa domain name pointer somehost.mydomain.
1.0.168.192.in-addr.arpa domain name pointer somehost2.
somehost:/etc/powerdns# host -t PTR 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer somehost2.
1.0.168.192.in-addr.arpa domain name pointer somehost1.
1.0.168.192.in-addr.arpa domain name pointer somehost.mydomain.
OS: Debian Squeeze
Version: 3.2 (OS-supplied binary distro, no recompile)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110723/40314cf7/attachment.htm>
More information about the Pdns-dev
mailing list