
Prohibit PTR record which doesn't point to a primary name

Open NotBad4U opened this issue 6 years ago • 0 comments

Overview

According to RFC 1034, domain names in RRs which point at another name (PTR record) should always point at the primary name and not the alias. This avoids extra indirections in accessing information.

Example:

USC-ISIC.ARPA   IN      CNAME   C.ISI.EDU
C.ISI.EDU       IN      A       10.0.0.52
; point the .ARPA domain name to the primary name and not its alias
52.0.0.10.IN-ADDR.ARPA  IN      PTR     C.ISI.EDU

What to do

  • We should verify that a PTR record received points to a primary name and not a CNAME
  • Log an error and reject the record if it's the case

NotBad4U, Aug 07 '19 10:08
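
One way to implement the check requested above, as an added example that is not stream-dns code: a received PTR record is rejected when its target name owns a CNAME record. The `Record` type, `AliasIndex`, `ValidatePTR` and the in-memory zone are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Record is a minimal resource record (hypothetical type for this example).
type Record struct{ Name, Type, Data string }

// ErrPTRToAlias marks a PTR whose target is an alias rather than a primary name.
var ErrPTRToAlias = errors.New("PTR target is a CNAME alias")

// canon makes names comparable: DNS names are case-insensitive and may
// carry a trailing root dot.
func canon(n string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(n), "."))
}

// AliasIndex maps each owner name that has a CNAME record to its target.
func AliasIndex(zone []Record) map[string]string {
	idx := map[string]string{}
	for _, r := range zone {
		if strings.EqualFold(r.Type, "CNAME") {
			idx[canon(r.Name)] = canon(r.Data)
		}
	}
	return idx
}

// ValidatePTR rejects a PTR whose target owns a CNAME; other types pass.
func ValidatePTR(aliases map[string]string, rec Record) error {
	if !strings.EqualFold(rec.Type, "PTR") {
		return nil
	}
	if primary, ok := aliases[canon(rec.Data)]; ok {
		return fmt.Errorf("%w: %s -> %s (alias of %s)", ErrPTRToAlias, rec.Name, rec.Data, primary)
	}
	return nil
}

func main() {
	// Constructed sample: the zone records quoted in the issue, plus a bad PTR.
	zone := []Record{{"USC-ISIC.ARPA", "CNAME", "C.ISI.EDU"}, {"C.ISI.EDU", "A", "10.0.0.52"}}
	bad := Record{"52.0.0.10.IN-ADDR.ARPA", "PTR", "usc-isic.arpa."}
	fmt.Println(ValidatePTR(AliasIndex(zone), bad)) // the caller logs this and drops the record
}
```

The check only sees CNAMEs already known when the PTR arrives; a CNAME added later for the PTR's target would need the same comparison run in the other direction.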