BIND: PTR record

From OnnoWiki

Source: http://www.zytrax.com/books/dns/ch8/ptr.html

Pointer (PTR) records are the inverse of A and AAAA RRs: they are used in reverse-map zone files to map an IP address (IPv4 or IPv6) to a host name.

Format

name ttl  class   rr     name
15         IN     PTR    www.example.com.

The value '15' (the last octet of the IP address) in the above example is actually a name (an owner-name or left-hand name) and because it does not terminate with a 'dot' BIND appends the $ORIGIN (or, if no $ORIGIN directive is present, the zone name from the zone statement that referenced this zone file). The example below, which defines a reverse map zone file for the 192.168.23.0/24 network (a Class C address in the old terminology), should make this clearer:

$TTL 2d ; 172800 secs
$ORIGIN 23.168.192.IN-ADDR.ARPA.
@             IN      SOA   ns1.example.com. hostmaster.example.com. (
                              2003080800 ; serial number
                              12h         ; refresh
                              15m        ; update retry
                              3w         ; expiry
                              3h         ; NXDOMAIN ttl
                              )
              IN      NS      ns1.example.com.
              IN      NS      ns2.example.com.
; 2 below is actually an unqualified name and becomes
; 2.23.168.192.IN-ADDR.ARPA.
2             IN      PTR     joe.example.com. ; FQDN
....
15            IN      PTR     www.example.com.
....
17            IN      PTR     bill.example.com.
....
74            IN      PTR     fred.example.com.
.... 

Notes:

  • Because the $ORIGIN reflects the reverse map domain, all right-hand names must use FQDN format (they end with a dot). If the terminating dot on joe.example.com above were omitted in error it would become joe.example.com.23.168.192.IN-ADDR.ARPA, which is not the desired result!
  • PTR RRs (Resource Records), like most other RRs, may be part of an RRset (RRs which have the same owner-name (left-hand name) and RR type). If multiple owner-names are assigned to a single host (IPv4 or IPv6) in a forward mapped zone file using CNAME RRs, A RRs or AAAA RRs then each of these owner-names can be defined using a PTR RRset in the reverse map (though, obviously, the owner-name of the original RR is transposed to a right-hand name in the PTR RR), for example:
; forward zone file for example.com
...
mail  IN  A     192.168.0.7
www   IN  A     192.168.0.7
; OR
mail  IN  A     192.168.0.7
www   IN  CNAME mail ; a CNAME must point to a name (here mail.example.com.), never to an IP address
...
; reverse map zone file for 0.168.192.IN-ADDR.ARPA
...
7     IN  PTR   mail.example.com.
7     IN  PTR   www.example.com.
...
  • The reverse map zone file above is perfectly legitimate. However, in tests a number of mail systems, which invariably perform a reverse lookup on the connecting address, did not handle PTR RRsets correctly and failed unless the mail server's name appeared first in the RRset, which is difficult to guarantee (see rrset-order). Thus, if a mail server (mail.example.com) and, say, a web server (www.example.com) share an IP address (as illustrated in the example above), it may be sensible to define the reverse map to contain only mail.example.com, since mail systems use the reverse lookup as a trivial security check.
  • It is not mandatory (for either IPv4 or IPv6), but considered good practice, to define all assigned IPs in a reverse map. Care should, however, be exercised to avoid huge PTR RRsets. For example, a web server may map thousands of virtual domains onto a single IP address (of the web server). If every one of these virtual domains appeared in the reverse map (a legitimate construct) then a single reverse map query would produce a huge RRset response, which makes the name server an attractive amplifier for a DDoS attack and burdens every client that performs reverse lookups.
  • It is sensible to define the reverse map zone file in order of IP addresses (the zone file is always sorted into canonical order when it is loaded by DNS software) or some other fixed order to avoid subsequent errors (duplications or omissions) or to simplify manual searching for a particular value.
  • There are no A RRs for the defined NS names (respectively ns1.example.com and ns2.example.com) since both are out-of-zone names. Any lookup is done via the forward zone file for example.com in which suitable A RRs for these names must exist.
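The "trivial security check" mentioned in the notes is forward-confirmed reverse DNS: look up the PTR RRset for the connecting address, then check that at least one of the returned names has an A/AAAA record pointing back at that address. The following is an added example (not code from the original page or from BIND) that contrasts the fragile "first PTR only" behaviour described above with an order-independent check; the PTR and A/AAAA tables are constructed in memory to mirror the zone fragments above (mail and www sharing 192.168.0.7), so no DNS queries are sent, and `max_names` is a cap chosen for this example, not a standard limit.

```python
"""Forward-confirmed reverse DNS (FCrDNS) over a PTR RRset.

Added example, not code from the original page. The lookup tables are
constructed to mirror the zone fragments above: mail.example.com and
www.example.com share 192.168.0.7 and both appear in its PTR RRset.
Everything is in memory; no DNS queries are sent.
"""
import ipaddress

# Constructed reverse map: reverse-pointer owner name -> PTR RRset, in the
# order a server might happen to return it (www first, mail second).
PTR_RRSETS = {
    ipaddress.ip_address("192.168.0.7").reverse_pointer: [
        "www.example.com.", "mail.example.com."],
    # An address whose PTR name has no matching forward record (constructed).
    ipaddress.ip_address("192.168.0.9").reverse_pointer: ["bogus.example.com."],
    # IPv6 works the same way: reverse_pointer yields the nibble form under ip6.arpa.
    ipaddress.ip_address("2001:db8:0:1::2").reverse_pointer: ["mail.example.com."],
}

# Constructed forward map: FQDN -> A/AAAA RRset.
ADDR_RRSETS = {
    "mail.example.com.": ["192.168.0.7", "2001:db8:0:1::2"],
    "www.example.com.": ["192.168.0.7"],
}


def ptr_lookup(ip):
    """PTR RRset for an IPv4/IPv6 address string (empty list if none)."""
    return list(PTR_RRSETS.get(ipaddress.ip_address(ip).reverse_pointer, []))


def addr_lookup(name):
    """A/AAAA RRset for an FQDN (empty list if none)."""
    return list(ADDR_RRSETS.get(name, []))


def naive_first_ptr_check(ip, expected_name):
    """The fragile check described in the notes: accept only if the FIRST PTR
    in the RRset equals the name the client claims. Its result depends on
    RRset order, which the zone owner cannot guarantee."""
    rrset = ptr_lookup(ip)
    return bool(rrset) and rrset[0] == expected_name


def fcrdns(ip, max_names=10):
    """Order-independent check: return every PTR name in the RRset whose
    forward A/AAAA records include ip. max_names caps the number of forward
    lookups so an oversized PTR RRset cannot be used to burn resolver time
    (a design choice of this example, not a standard limit)."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip)[:max_names]:
        if any(ipaddress.ip_address(a) == addr for a in addr_lookup(name)):
            confirmed.append(name)
    return confirmed


if __name__ == "__main__":
    # mail is second in the RRset, so the naive check rejects the mail server
    print(naive_first_ptr_check("192.168.0.7", "mail.example.com."))  # False
    # the order-independent check confirms both names
    print(fcrdns("192.168.0.7"))  # ['www.example.com.', 'mail.example.com.']
```

Swapping the two names in `PTR_RRSETS` flips the result of `naive_first_ptr_check` but leaves `fcrdns` unchanged, which is exactly the fragility the notes describe; a receiver that cannot be fixed is the reason for listing only the mail server in the reverse map.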

PTR Usage: While the overwhelming use of the PTR RR is in reverse mapping (for both IPv4 and IPv6) the PTR RR is not limited to this usage. Essentially, the PTR record may be thought of as a CNAME-like RR (mapping a name to another name). The significant difference is that a query whose answer is a CNAME RR causes the DNS software to restart the query using the canonical name (the name server does this itself when the target lies in the same zone, otherwise the resolver does). When a query returns a PTR RR (or RRset) the response is returned as-is and no further DNS processing takes place. Other than reverse mapping, this author cannot immediately think of a use for such a capability. More imaginative readers may find alternative applications.

PTR and IPv6

IPv6 and IPv4 addresses cannot be mixed in the same reverse-map zone file as they can in forward-map zones. IPv6 addresses are reverse mapped under the domain IP6.ARPA whereas IPv4 addresses are mapped under the IN-ADDR.ARPA domain. IPv6 reverse maps use the nibble domain name format defined in Chapter 3 (one label per hex digit, least significant first). The following fragment illustrates the use of the PTR RR to reverse-map the IPv6 addresses 2001:db8:0:1::1, 2001:db8:0:1::2, 2001:db8:0:2::1 and 2001:db8:0:2::2, all within the 2001:db8::/48 prefix that the $ORIGIN represents:

; reverse IPV6 zone file for example.com
$TTL 2d    ; default TTL for zone 172800 secs
$ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.IP6.ARPA.
@         IN      SOA   ns1.example.com. hostmaster.example.com. (
                        2003080800 ; sn = serial number
                        12h         ; refresh = refresh
                        15m        ; retry = update retry
                        3w         ; expiry = expiry
                        2h         ; NXDOMAIN TTL
                        )
; name server Resource Records for the domain
          IN      NS      ns1.example.com.
; the second name server is
; external to this zone (domain).
          IN      NS      ns2.example.net.
; PTR RR maps a IPv6 address to a host name
; hosts in subnet ID 1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0         IN      PTR     ns1.example.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0         IN      PTR     mail.example.com.
; hosts in subnet ID 2
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0         IN      PTR     joe.example.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0         IN      PTR     www.example.com.

Notes: The IPv6 range 2001:db8::/32 is reserved for documentation purposes only (RFC 3849); the 192.168.x.x addresses used in the IPv4 examples are RFC 1918 private addresses.
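Both the IPv4 example (octet labels under IN-ADDR.ARPA, $ORIGIN 23.168.192.IN-ADDR.ARPA.) and the IPv6 example (nibble labels under IP6.ARPA, $ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.IP6.ARPA.) follow the same rule: the zone's $ORIGIN is the prefix part of the reverse name and the relative owner name is the host part. The following is an added example (not code from the original page or from BIND) that derives both from a network prefix using Python's `ipaddress` module, emits PTR lines sorted by address as the notes recommend, and rejects a right-hand name without the trailing dot so it cannot silently become joe.example.com.23.168.192.IN-ADDR.ARPA. The host lists are constructed to match the fragments above; output names are lower case, which is equivalent because DNS names are case-insensitive.

```python
"""Build PTR lines for a reverse-map zone from (address, host name) pairs.

Added example, not code from the original page. It derives the zone's
$ORIGIN from the network prefix and the relative (unqualified) owner name of
each address, which is what BIND appends $ORIGIN to, for both IN-ADDR.ARPA
(IPv4, one label per octet) and IP6.ARPA (IPv6, one label per nibble). The
host lists in __main__ are constructed to match the fragments above.
"""
import ipaddress


def _label_counts(net):
    """Number of address labels in the reverse name and how many of them the
    zone's prefix covers (8 bits per label for IPv4, 4 for IPv6)."""
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        raise ValueError(f"{net}: a single reverse zone needs a prefix that is "
                         f"a multiple of {bits_per_label} bits")
    return net.max_prefixlen // bits_per_label, net.prefixlen // bits_per_label


def reverse_origin(network):
    """$ORIGIN of the reverse zone for a prefix, e.g. 192.168.23.0/24 ->
    23.168.192.in-addr.arpa. (DNS names are case-insensitive, so this equals
    the upper-case form used in the zone files above)."""
    net = ipaddress.ip_network(network)
    total, keep = _label_counts(net)
    labels = net.network_address.reverse_pointer.split(".")
    # reverse_pointer lists the least-significant label first; drop the host part
    return ".".join(labels[total - keep:]) + "."


def relative_owner(ip, network):
    """Unqualified owner name of ip inside the zone for network, i.e. the
    host labels only: 192.168.23.15 in /24 -> '15'."""
    net = ipaddress.ip_network(network)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    total, keep = _label_counts(net)
    return ".".join(addr.reverse_pointer.split(".")[:total - keep])


def ptr_lines(network, hosts, ttl="2d"):
    """$TTL/$ORIGIN directives plus one PTR line per (ip, name), sorted by
    address as the notes recommend. Right-hand names must be FQDNs ending
    in '.', otherwise BIND would append the reverse-map $ORIGIN to them."""
    lines = [f"$TTL {ttl}", f"$ORIGIN {reverse_origin(network)}"]
    for ip, name in sorted(hosts, key=lambda h: ipaddress.ip_address(h[0])):
        if not name.endswith("."):
            raise ValueError(f"{name}: PTR target must be an FQDN ending with a dot")
        lines.append(f"{relative_owner(ip, network):<40} IN PTR {name}")
    return lines


if __name__ == "__main__":
    # Constructed hosts matching the IPv4 and IPv6 fragments above.
    hosts4 = [("192.168.23.74", "fred.example.com."), ("192.168.23.2", "joe.example.com.")]
    print("\n".join(ptr_lines("192.168.23.0/24", hosts4)))
    hosts6 = [("2001:db8:0:2::1", "joe.example.com."), ("2001:db8:0:1::1", "ns1.example.com.")]
    print("\n".join(ptr_lines("2001:db8::/48", hosts6)))
```

`_label_counts` refuses prefixes that do not fall on an octet (IPv4) or nibble (IPv6) boundary, because such a range does not correspond to a single reverse zone; the classless delegation of RFC 2317 that covers that case is outside the scope of this page.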