5. Add Address to Zone, but Forget to Add Corresponding PTR Record

Because the mappings from hostnames to IP addresses are disjoint from the mappings from IP addresses to hostnames in DNS, it’s easy to forget to add a PTR record for a new host. Adding the A record is intuitive, but many people who are used to host tables assume that adding an address record takes care of the reverse mapping, too. That’s not true—you need to add a PTR record for the host to the appropriate in-addr.arpa zone. Thankfully, the DNS console makes that easy by providing a checkbox to Create associated pointer (PTR) record when you choose New Host.

Neglecting to add the PTR record for a host usually causes that host to fail authentication checks. For example, users on the host won’t be able to ssh or scp to other hosts. The servers these programs talk to need to be able to map the connection’s IP address to a domain name to check authorization files.

In addition, some large FTP archives, including ftp.uu.net, used to refuse anonymous ftp access to hosts whose IP addresses don’t map back to domain names. ftp.uu.net’s FTP server emitted a message that read, in part:

530- Sorry, we're unable to map your IP address 140.186.66.1 to a hostname 
530- in the DNS. This is probably because your nameserver does not have a 
530- PTR record for your address in its tables, or because your reverse 
530- nameservers are not registered. We refuse service to hosts whose 
530- names we cannot resolve.

That made the reason ...
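One way to catch this mistake before users do is to audit the forward data against the reverse data. The following is an added example, not code from the book: the record sets are constructed sample data, and the function names ptr_owner and audit are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the book): forward-zone A records and
# the PTR records currently present in the reverse zones.
A_RECORDS = {
    "host1.example.com.": "192.0.2.10",
    "host2.example.com.": "192.0.2.11",
    "host3.example.com.": "192.0.2.12",
}
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": "host1.example.com.",
    "12.2.0.192.in-addr.arpa.": "oldname.example.com.",
}


def ptr_owner(address):
    """Return the reverse-zone owner name that must hold the PTR record."""
    # reverse_pointer reverses the octets and appends in-addr.arpa
    # (or builds the ip6.arpa name for an IPv6 address).
    return ipaddress.ip_address(address).reverse_pointer + "."


def audit(a_records, ptr_records):
    """Return (host, owner, problem) for every A record whose reverse
    mapping is absent or names a different host."""
    findings = []
    for host, address in sorted(a_records.items()):
        owner = ptr_owner(address)
        target = ptr_records.get(owner)
        if target is None:
            findings.append((host, owner, "missing PTR"))
        elif target.lower() != host.lower():
            # Domain names compare case-insensitively.
            findings.append((host, owner, "PTR points to " + target))
    return findings


if __name__ == "__main__":
    for host, owner, problem in audit(A_RECORDS, PTR_RECORDS):
        print(f"{host:22} {owner:28} {problem}")
```

An address that legitimately carries several A-record names will be reported as a mismatch for all but the name its PTR record returns, so review those findings by hand.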
