Hi there

I'm trying to find an easy exemple how to set up a DNS server for 2 domains
on 1 IP.

ex. toto.com and toto.fr
I think the first part should be ok, but how have I to set up the
reverseDNS?


Thanks in advance for any

Best reagrds
Ralf

"Ralf Meuser" <rmeuser@free.fr> wrote in message
news:470342bd$0$21878$426a74cc@news.free.fr...

> I'm trying to find an easy exemple how to set up a DNS server for
> 2 domains on 1 IP.
>
> ex. toto.com and toto.fr

A nameserver can serve any number of zones, be authoritative for
any or all of them, and listen on any number of IP addresses.
The relationship you're looking for simply does not exist as such.

Meaning: serve whatever zones you want, and don't worry about IP
addresses.


> I think the first part should be ok, but how have I to set up the
> reverseDNS?

An IP address can only reverse-resolve to a single name. Pick one.

Groetjes,
Maarten Wiltink

On Wed, 3 Oct 2007 10:17:12 +0200, in comp.protocols.tcp-ip.domains
(message <4703500b$0$239$e4fe514c@news.xs4all.nl>), Maarten Wiltink
<maarten@kittensandcats.net> wrote:

> An IP address can only reverse-resolve to a single name. Pick one.

That's false, or maybe more accurately, it's perfectly legal to have
more than one PTR record at a name. See RFC 2181 section 10.2. It is
generally in fact a good idea to have a reverse mapping for every name,
where practical. See the current DNSOP WG draft
reverse-mapping-considerations.

Andrew Sullivan
Tranna
yank bell to reply by email

In article <slrnfgngun.ej5.ajs@localhost.phlogiston.dyndns.or g>,
Andrew Sullivan <ajs@ringer.phlogiston.dyndns.org> wrote:

> On Wed, 3 Oct 2007 10:17:12 +0200, in comp.protocols.tcp-ip.domains
> (message <4703500b$0$239$e4fe514c@news.xs4all.nl>), Maarten Wiltink
> <maarten@kittensandcats.net> wrote:
>
> > An IP address can only reverse-resolve to a single name. Pick one.
>
> That's false, or maybe more accurately, it's perfectly legal to have
> more than one PTR record at a name. See RFC 2181 section 10.2. It is
> generally in fact a good idea to have a reverse mapping for every name,
> where practical. See the current DNSOP WG draft
> reverse-mapping-considerations.

The RFC you quote says that it's a fallacy that only one PTR is
permitted, which is clearly correct. The received wisdom so far is that
nothing (hardly anything) can take advantage of multiple PTRs, so whilst
pointless they are useless, and probably confusing. Do you have an
example of an application that can make us of multiple PTRs?

Sam

On Tue, 09 Oct 2007 19:34:22 +0100, in comp.protocols.tcp-ip.domains
(message <Sam.Wilson-58A0C6.19342209102007@scotsman.ed.ac.uk>), Sam
Wilson <Sam.Wilson@ed.ac.uk> wrote:

> The RFC you quote says that it's a fallacy that only one PTR is
> permitted, which is clearly correct. The received wisdom so far is that
> nothing (hardly anything) can take advantage of multiple PTRs, so whilst
> pointless they are useless, and probably confusing. Do you have an
> example of an application that can make us of multiple PTRs?

There are at least some anti-spam and network-monitoring systems that
reportedly _can_ use the additional PTRs. I know this because I'm one
of the editors of the mentioned I-D, and people told me that they had
such applications.

Also, if we continue repeating the nonsense that you must have only one
PTR, then nobody will ever do otherwise, which will continue to be a
drag on the utility of what otherwise would be a nice feature of the
DNS. The reverse tree design certainly has some problems; but let's
not invent ones that aren't there!

A

In article <slrnfgnnlg.f0v.ajs@localhost.phlogiston.dyndns.or g>,
Andrew Sullivan <ajs@ringer.phlogiston.dyndns.org> wrote:

> On Tue, 09 Oct 2007 19:34:22 +0100, in comp.protocols.tcp-ip.domains
> (message <Sam.Wilson-58A0C6.19342209102007@scotsman.ed.ac.uk>), Sam
> Wilson <Sam.Wilson@ed.ac.uk> wrote:
>
> > The RFC you quote says that it's a fallacy that only one PTR is
> > permitted, which is clearly correct. The received wisdom so far is that
> > nothing (hardly anything) can take advantage of multiple PTRs, so whilst
> > pointless they are useless, and probably confusing. Do you have an
> > example of an application that can make us of multiple PTRs?
>
> There are at least some anti-spam and network-monitoring systems that
> reportedly _can_ use the additional PTRs. I know this because I'm one
> of the editors of the mentioned I-D, and people told me that they had
> such applications.

Can you give examples of how they use them? As explained in the I-D,
most reverse checks start by performing a reverse lookup, then check
whether the name resolves to the original address. This just requires
one PTR record and a corresponding A record -- additional A records are
irrelevant and don't require corresponding PTR records.

The only possible case I can think of is an SMTP server that checks the
name given in the HELO command against the PTR record of the client
address. But this only requires one PTR record, as long as the SMTP
client is configured to send that hostname in its HELO command.

> Also, if we continue repeating the nonsense that you must have only one
> PTR, then nobody will ever do otherwise, which will continue to be a
> drag on the utility of what otherwise would be a nice feature of the
> DNS. The reverse tree design certainly has some problems; but let's
> not invent ones that aren't there!

The I-D is also pretty clear that this should not be taken to extreme.
Virtual web servers do *not* need reverse records for every hostname
that points to them.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

On Wed, 10 Oct 2007 01:48:41 -0400, in comp.protocols.tcp-ip.domains
(message <barmar-88BED3.01484110102007@comcast.dca.giganews.com>), Barry
Margolin <barmar@alum.mit.edu> wrote:

> Can you give examples of how they use them? As explained in the I-D,
> most reverse checks start by performing a reverse lookup, then check
> whether the name resolves to the original address. This just requires
> one PTR record and a corresponding A record -- additional A records are
> irrelevant and don't require corresponding PTR records.

Some try to match names, as well -- that is, they check to make sure
that the name at the PTR is also the name of the A record.

> address. But this only requires one PTR record, as long as the SMTP
> client is configured to send that hostname in its HELO command.

Right; so there is more than one way to do things. Obviously, if the
hostname isn't really used anywhere, there's no need for a PTR to it
either. It's only in the case where you're actually using the hostname
that it makes any difference.

> The I-D is also pretty clear that this should not be taken to extreme.
> Virtual web servers do *not* need reverse records for every hostname
> that points to them.

Sure, and I'd never suggest otherwise. But the I-D says quite clearly
that, in the absense of strong counter-considerations, you should
usually have a reverse mapping for every forward mapping. Virtual web
servers are an obvious case where applying that rule would do more harm
than good, so you should follow another principle.

Best,

Andrew Sullivan
pull bell to reply by email

In article <slrnfgs8ok.k8f.ajs@localhost.phlogiston.dyndns.or g>,
Andrew Sullivan <ajs@ringer.phlogiston.dyndns.org> wrote:

> On Wed, 10 Oct 2007 01:48:41 -0400, in comp.protocols.tcp-ip.domains
> (message <barmar-88BED3.01484110102007@comcast.dca.giganews.com>), Barry
> Margolin <barmar@alum.mit.edu> wrote:
>
> > Can you give examples of how they use them? As explained in the I-D,
> > most reverse checks start by performing a reverse lookup, then check
> > whether the name resolves to the original address. This just requires
> > one PTR record and a corresponding A record -- additional A records are
> > irrelevant and don't require corresponding PTR records.
>
> Some try to match names, as well -- that is, they check to make sure
> that the name at the PTR is also the name of the A record.

Isn't that what I said?

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***