HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

Amos Shapira amos.shapira at gmail.com
Mon Mar 23 12:49:48 IST 2015


OK, I think I understand you now.

Let's take a step back for a moment - you say that the client fails to
resolve IP addresses back to hostnames and that causes you problems?

How about configuring your DNS server to provide the right PTR records?

--Amos

On 23 March 2015 at 19:13, Lev Olshvang <lev at nyotron.com> wrote:

>  Hi Amos,
>
>
>
> Perhaps I was not clear enough.
>
> Yes, I want to prevent the client from doing the reverse lookup.
>
> The client is not my application; it is part of the Linux installation, in
> some docs named the DNS resolver.
>
> It is configured in /etc/nsswitch.conf, and then the control flow of
> gethostbyname() does the IP lookup and the reverse lookup.
>
>
>
>
>
> But back to my question – I see in the sniffer a DNS query for a type A
> record issued, and then a DNS query for a PTR record (reverse lookup).
>
> And I want to know if there is a way to configure nsswitch to prevent
> the reverse lookup, since I already get the IP with the peer.
>
>
>
> Hope I have now explained the question more thoroughly.
>
>
>
> L.
>
>
>
> *From:* Amos Shapira [mailto:amos.shapira at gmail.com]
> *Sent:* Sunday, March 22, 2015 10:08 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> I'm not sure what you are trying to achieve here - PTR records and A
> records are completely separate entities living under different domains.
> Both of them should be maintained separately (there are probably tons of
> tools to keep them in sync if you like, but from DNS' perspective there is
> no relation between them).
>
>
>
> If you want to "prevent reverse lookup" then you should tell the client
> not to do this.
>
>
>
> On 22 March 2015 at 22:31, Lev Olshvang <lev at nyotron.com> wrote:
>
>  Hi Linuxers,
>
>
>
> I am jumping on today’s DNS thread,
>
>
>
> My Debian Linux uses the DNS service of some Windows server.
>
>
>
> The Linux resolver gets back the IP address (type A and AAAA records), but
> fails to get back the PTR record.
>
> (I am observing the DNS queries and failures with Wireshark.)
>
>
>
> This causes ldap to use the address instead of the host name in the
> authentication realm and fail.
>
> When I add address–hostname pairs in /etc/hosts, ldap succeeds (it uses
> the name in the realm claim).
>
>
>
>
>
>
>
> I have not yet found a way to change nsswitch.conf to some resolver that
> prevents the reverse lookup.
>
> Please give me some ideas if it is possible.
>
>
>
>
>
> Lev.
>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



-- 
<http://au.linkedin.com/in/gliderflyer>
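
The following is an added example, not part of the original messages and not code from either poster: it audits forward (A/AAAA) records against the PTR records in the reverse zones and emits the zone-file lines that are missing or wrong, which is the check behind the suggestion to provide the right PTR records. The hostnames, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): forward records as served
# by the DNS server, and the PTR records currently in its reverse zones.
FORWARD = [
    ("ldap1.example.test.", "192.0.2.10"),
    ("ldap2.example.test.", "192.0.2.11"),
    ("ldap1.example.test.", "2001:db8::10"),
]
PTR = {
    "10.2.0.192.in-addr.arpa.": "ldap1.example.test.",
    "11.2.0.192.in-addr.arpa.": "oldname.example.test.",
}


def reverse_name(addr):
    """Return the fully qualified owner name of the PTR record for addr."""
    # in-addr.arpa uses reversed octets, ip6.arpa uses reversed nibbles.
    return ipaddress.ip_address(addr).reverse_pointer + "."


def audit(forward, ptr):
    """Compare forward records with PTR records.

    Returns (status, owner, hostname) tuples where status is "ok",
    "missing" (no PTR at all) or "mismatch" (PTR names another host).
    """
    results = []
    for host, addr in forward:
        owner = reverse_name(addr)
        target = ptr.get(owner)
        if target is None:
            status = "missing"
        elif target.lower() == host.lower():  # DNS names are case-insensitive
            status = "ok"
        else:
            status = "mismatch"
        results.append((status, owner, host))
    return results


def zone_lines(results):
    """Zone-file lines for every PTR record that must be added or corrected."""
    return [f"{owner} IN PTR {host}" for status, owner, host in results
            if status != "ok"]


if __name__ == "__main__":
    for line in zone_lines(audit(FORWARD, PTR)):
        print(line)
```

A host whose status is "missing" or "mismatch" is one for which a client doing a reverse lookup gets no name or the wrong name back, as in the LDAP failure described in the thread.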