On 08/24/2017 09:46 AM, Hector Santos wrote:
> Not expecting this in my DNS resolver code, I modified the resolver to take the CNAMEs into account and return the host names instead. Was this the correct thing to do, thus providing the same results regardless of the query location?

This is one of the gotchas for classless in-addr.arpa delegation.

Before I release my updates, I wonder if this was the right thing to do.

I prefer to use a different method to do classless in-addr.arpa delegation.

Specifically, I ask ISPs to put an NS record for the IP(s) in question pointing to my own DNS server. Then I configure zone(s) that match the full in-addr.arpa name with the PTR in the zone apex.

You can have a separate zone (d.c.b.a.in-addr.arpa.) for each IP (a.b.c.d) -or- you can have a single parent zone (c.b.a.in-addr.arpa.) with individual PTR records, much like the ISP normally does.

If you do the second method (parent c.b.a.in-addr.arpa. zone) I'd recommend that you have NS records for the other 224 IPs that point to your ISP's name server that is authoritative for the zone.

In effect, you are actually delegating the IPs an additional level.

I got bit by SORBS not understanding classless in-addr.arpa delegation (since been fixed) more than a decade ago and have never had any similar problems.

--
Grant. . . .
unix || die
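As an added illustration (not part of Grant's message or any project's files), here is what the NS-based delegation he describes could look like in BIND-style zone files. It uses the 192.0.2.0/24 documentation range, a constructed customer block of 192.0.2.32-63 (leaving the 224 other addresses he mentions) and placeholder names such as ns1.customer.example and ns1.isp.example.

```zone
; --- ISP side, file 2.0.192.in-addr.arpa.zone (constructed example) ---
; Instead of RFC 2317 CNAMEs, the ISP delegates each customer IP one label
; deeper, straight to the customer's name servers.
$ORIGIN 2.0.192.in-addr.arpa.
32      IN NS   ns1.customer.example.
32      IN NS   ns2.customer.example.
33      IN NS   ns1.customer.example.
33      IN NS   ns2.customer.example.
; ... one NS set per delegated IP, up to label 63 ...
; Ordinary PTRs remain for the addresses the ISP keeps:
1       IN PTR  gw.isp.example.

; --- Customer side, method 1: one zone per IP, PTR at the zone apex ---
; named.conf: zone "32.2.0.192.in-addr.arpa" { type master;
;             file "32.2.0.192.in-addr.arpa.zone"; };
$ORIGIN 32.2.0.192.in-addr.arpa.
@       IN SOA  ns1.customer.example. hostmaster.customer.example. (
                2017082401 3600 900 1209600 300 )
@       IN NS   ns1.customer.example.
@       IN NS   ns2.customer.example.
@       IN PTR  mail.customer.example.

; --- Customer side, method 2: a single 2.0.192.in-addr.arpa zone ---
; Queries normally reach this server only for the delegated labels, but
; the other 224 labels get NS records pointing back at the ISP so this
; server returns a referral instead of an authoritative NXDOMAIN for
; address space it does not own.
$ORIGIN 2.0.192.in-addr.arpa.
@       IN SOA  ns1.customer.example. hostmaster.customer.example. (
                2017082401 3600 900 1209600 300 )
@       IN NS   ns1.customer.example.
@       IN NS   ns2.customer.example.
32      IN PTR  mail.customer.example.
33      IN PTR  www.customer.example.
; ... PTRs for labels 34 through 63 ...
0       IN NS   ns1.isp.example.
1       IN NS   ns1.isp.example.
; ... NS records for every label outside 32-63, through 255 ...
```

With either layout, `dig -x 192.0.2.32 +trace` should show the extra delegation step from the ISP's servers to the customer's, and a plain PTR answer with no CNAME for the resolver to chase.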


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
