HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?
Amos Shapira
amos.shapira at gmail.com
Tue Mar 24 04:41:58 IST 2015
On 24 March 2015 at 01:57, Lev Olshvang <lev at nyotron.com> wrote:
> Hi Amos,
>
>
>
> I managed to persuade our sysadmin to give me permission in AD DNS server
> and I put there PTR record.
>
It should be part of his job - otherwise the PTR records will keep getting
out of sync with the A/AAAA records.
>
>
> The question is whether it is possible to configure nsswitch, or dnsmasq,
> nscd or other resolver from doing reverse lookup.
>
Not that I'm aware - what do you expect it to do when the client asks to
resolve an IP address? Always fail?
>
>
> *From:* Amos Shapira [mailto:amos.shapira at gmail.com]
> *Sent:* Monday, March 23, 2015 12:50 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> OK, I think I understand you now.
>
>
>
> Let's take a step back for a moment - you say that the client fails to
> resolve IP address back to hostnames and that causes you problems?
>
>
>
> How about configuring your DNS server to provide the right PTR records?
>
>
>
> --Amos
>
>
>
> On 23 March 2015 at 19:13, Lev Olshvang <lev at nyotron.com> wrote:
>
> Hi Amos,
>
>
>
> Perhaps I was not clear enough.
>
> Yes, I want to prevent client from revert lookup.
>
> The client is not my application, it is part of Linux installation in some
> docs named DNS resolver.
>
> It is configured in /etc/nsswitch.conf and then control flow of
> gethostbyname() does IP lookup and reverse lookup
>
> But back to my question – I see in sniffer DNS query for type A record
> issued and then DNS query for PTR record ( reverse lookup)
>
> And I want to know if there is a way to configure nsswitch to prevent
> reverse since I already get IP with the peer.
>
>
>
> Hope now I explained the question more thoroughly.
>
>
>
> L.
>
>
>
> *From:* Amos Shapira [mailto:amos.shapira at gmail.com]
> *Sent:* Sunday, March 22, 2015 10:08 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> I'm not sure what you are trying to achieve here - PTR records and A
> records are completely separate entities living under different domains.
> Both of them should be maintained separately (there are probably tons of
> tools to keep them in sync if you like, but from DNS' perspective there is
> no relation between them).
>
>
>
> If you want to "prevent reverse lookup" then you should tell the client
> not to do this.
>
>
>
> On 22 March 2015 at 22:31, Lev Olshvang <lev at nyotron.com> wrote:
>
> Hi Linuxers,
>
>
>
> I am jumping on today’s DNS thread,
>
>
>
> My Linux Debian uses DNS service some Windows server.
>
>
>
> Linux resolver gets back IP address ( type A and AAA records), but fails
> to get back PTR record.
>
> ( I am observing DNS queries and failures with Wireshark)
>
>
>
> This causes ldap to use address instead of host name in authentication
> realm and fail.
>
> When I add address –hostname pairs in /etc/hosts, ldap succeeds. (it uses
> name in the realm claim)
>
> I did not yet find a way to change nsswitch.conf to some resolver that
> prevents reverse lookup,
>
> Please give me some ideas if it is possible.
>
> Lev.
--
<http://au.linkedin.com/in/gliderflyer>
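
Added example, not part of the original thread or written by either poster: a small audit that reports where PTR records have drifted out of sync with the A/AAAA records, which is the maintenance problem described above. The hostnames, addresses and the `ptr_name`/`audit` helpers are constructed for illustration; in practice the two dictionaries would be filled from zone exports.

```python
import ipaddress

# Constructed sample records (not from the thread). Forward and reverse data
# live in separate zones, so nothing in DNS itself keeps them consistent.
FORWARD = {  # hostname -> A/AAAA addresses
    "dc1.example.test.": ["192.0.2.10", "2001:db8::10"],
    "ldap.example.test.": ["192.0.2.20"],
    "web.example.test.": ["192.0.2.30"],
}
REVERSE = {  # PTR owner name -> target hostname
    "10.2.0.192.in-addr.arpa.": "dc1.example.test.",
    "30.2.0.192.in-addr.arpa.": "old-web.example.test.",
    "40.2.0.192.in-addr.arpa.": "gone.example.test.",
}


def ptr_name(ip):
    """Owner name a resolver queries for the PTR record of an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit(forward, reverse):
    """Return sorted (problem, ptr_owner_name, detail) findings."""
    owners = {}  # PTR owner name -> hostnames that hold that address
    for host, addrs in forward.items():
        for ip in addrs:
            owners.setdefault(ptr_name(ip), set()).add(host.lower())
    findings = []
    for name, hosts in owners.items():
        target = reverse.get(name)
        if target is None:
            # Forward record exists but a reverse lookup would fail.
            findings.append(("missing-ptr", name, ",".join(sorted(hosts))))
        elif target.lower() not in hosts:
            # Reverse lookup answers with a name that no longer has this IP.
            findings.append(("mismatch", name, target))
    for name, target in reverse.items():
        if name not in owners:
            # PTR left behind for an address no forward record uses.
            findings.append(("stale-ptr", name, target))
    return sorted(findings)


if __name__ == "__main__":
    for problem, name, detail in audit(FORWARD, REVERSE):
        print(f"{problem:12} {name} {detail}")
```
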