Path: csiph.com!2.eu.feeder.erje.net!feeder.erje.net!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail From: "DeCaro, James John (Jim) CIV DISA FE (USA)" Newsgroups: comp.protocols.dns.bind Subject: RE: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required? Date: Thu, 9 Jul 2020 15:49:32 +0000 Lines: 61 Approved: bind-users@lists.isc.org Message-ID: References: <9309970d-4d8d-c6f8-f37b-297b5134eff7@thelounge.net> <40fe75be-4666-4f1e-2833-5051f4f567ac@thelounge.net> <1609C7EA8C9FEF4DBBDFA1E2FB502263BBC66214@UMECHPA7E.easf.csd.disa.mil> NNTP-Posting-Host: lists.isc.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Trace: usenet.stanford.edu 1594309821 22553 149.20.1.60 (9 Jul 2020 15:50:21 GMT) X-Complaints-To: action@cs.stanford.edu To: Michael De Roover , "bind-users@lists.isc.org" Return-Path: X-Original-To: bind-users@lists.isc.org Delivered-To: bind-users@lists.isc.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.mil; i=@mail.mil; q=dns/txt; s=EEMSG2018v1a; t=1594309812; x=1625845812; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=DzTrUf3R3PPIgx8+mJ7rznzgPGQfoGj9eGT1Xe9UE3Y=; b=o2uJpbF+kSwLyTd4RK9yjDyw+JV4fYiiQVvK8vwO0YYctuNr+ujmvZ4c Egb0UycX0sycnmGVn3mS+1y0wjY3gG9bjFLwdLLBOEwWikDh8ML27Xgr6 Z7oHqJ90C+E277txqZZ7AGtbT4DT1QesPf6V90spRXers7PdHs50gb+dZ zChTD9HCNt3p+H+jS0jkm0Whs9yhDDHlS5zayqC+1rDlLNDAhvTRd2Uiq orQnHQB1cKq6qlA4nq1u79+Px86wDazbNSYyKX/IQeEqL4+J81iSmn7x5 ihhiK0MVwO1WjGJqyZII65m8j6/PbLzKj5KEnq/v0GBPFMFKTM/gv9yK3 A==; X-EEMSG-check-017: 128174967|UCOL19PA37_ESA_OUT04.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.75,331,1589241600"; d="scan'208";a="128174967" Thread-Topic: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required? Thread-Index: AdZV9NRqMdc5gFpSS7mAgoiwsL1ULgAARs+AAALTJwAAADeVgAAAlvIAAADOzrA= In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [214.21.44.15] X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org X-BeenThere: bind-users@lists.isc.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: BIND Users Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <1609C7EA8C9FEF4DBBDFA1E2FB502263BBC66214@UMECHPA7E.easf.csd.disa.mil> X-Mailman-Original-References: <9309970d-4d8d-c6f8-f37b-297b5134eff7@thelounge.net> <40fe75be-4666-4f1e-2833-5051f4f567ac@thelounge.net> Xref: csiph.com comp.protocols.dns.bind:15961 We have an application that queries reverse lookups on clients trying to ac= cess it in order to verify the client and its IP are legit and a part of th= e correct domain/acl.. So if the pointer record does not match, the client = is rejected. I don't know if that is relevant in this case, but it provides= an example. =20 -----Original Message----- From: bind-users On Behalf Of Michael De= Roover Sent: Thursday, July 9, 2020 11:20 AM To: bind-users@lists.isc.org Subject: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Q= uestion is an A or AAAA record required? All active links contained in this email were disabled. Please verify the = identity of the sender, and confirm the authenticity of all links contained= within the message prior to copying and pasting the address to a Web brows= er. =20 ---- On 7/9/20 5:03 PM, Reindl Harald wrote: > but it still has nothing to do with your domain by definition, the PTR > could be anything Of course it can be, they're completely separate name spaces. However=20 would it make any sense in practice to point it somewhere else entirely?=20 You'd probably be better off not setting it at all then. I'd argue that=20 they're meant to match each other. > but how does that change anything in the simple fact that "Would the > lack of A records affect pointer records? Seems like it would" given > that the PTR zone is a dns zone like anything else > while it's smart (at least when you want to send mails) that your IP has > a sane PTR and that the name maps back to the IP the dns system couldn't > care less My thoughts exactly. They can technically be different and the DNS=20 itself indeed couldn't care less (but applications checking for that=20 might).. but would it make sense to? I mean yeah I suppose that they can=20 exist without the other. Not uncommon for A records to be without PTR=20 records, and I guess that a PTR record without an A record could work=20 too..? But again, aside from the theoretical possibility, why would you=20 want to set your PTR records to not match at least one of your A records? --=20 Met vriendelijke groet / Best regards, Michael De Roover _______________________________________________ Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to u= nsubscribe from this list ISC funds the development of this software with paid support subscriptions.= Contact us at Caution-https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org Caution-https://lists.isc.org/mailman/listinfo/bind-users