[Pdns-dev] pdns_recursor, export-etc-hosts creates round-robin PTRs

bert hubert bert.hubert at netherlabs.nl
Mon Jul 25 15:26:14 CEST 2011

On Sat, Jul 23, 2011 at 06:07:44PM -0400, Andrew Boling wrote:
> canonical name. The current implementation causes problems with software
> that uses any form of name validation against PTR records (i.e. SSL certs or
> Kerberos auth).

Well.. I don't think that gets you far anyhow.

> I am aware of the alternatives of using auth-zone or running a
> separate authoritative server for the local domain, so this isn't a show
> stopper for me. Round-robin PTRs do seem a little counter-intuitive though,
> so I figured it wouldn't hurt to see how others felt about it.

What we did was copy the behaviour of djbdns and several other tools that do
it in this way.

Was your question theoretical or is it actually breaking some things for

We could of course add a flag to switch behaviour, but I'd only do so if
someone is really hurt by what we do now.

PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/

> As an example, if /etc/hosts contains the following line:
>    somehost.mydomain      somehost1 somehost2
> Queries against the DNS server will return records like so:
> somehost:/etc/powerdns# host -t PTR
> domain name pointer somehost1.
> domain name pointer somehost.mydomain.
> domain name pointer somehost2.
> somehost:/etc/powerdns# host -t PTR
> domain name pointer somehost2.
> domain name pointer somehost1.
> domain name pointer somehost.mydomain.
> OS: Debian Squeeze
> Version: 3.2 (OS-supplied binary distro, no recompile)

> _______________________________________________
> Pdns-dev mailing list
> Pdns-dev at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-dev

More information about the Pdns-dev mailing list