2 Feb 2006 14:52
Re: Multiple PTR records ???
Michael D Schleif <mds <at> helices.org>
2006-02-02 13:52:18 GMT
2006-02-02 13:52:18 GMT
Thank you, for those who pointed me to RFC 2181; where I found paragraph
10.2. I do not know why I did not see this in my search. Perhaps, in
chasing the problem I am trying to resolve, I was confused by what I saw
as ambiguity. Now, I am absolutely clear that this is allowed.
Is it possible that you enlightened beings can help me with my original
problem that led me to this?
I am tasked by my client to implement an Enterprise Systems Management
(ESM) solution. The software is comprised of several pieces. This
software collects and correlates information about thousands of
applications, hosts and network objects (e.g., routers, switches,
firewalls, &c.)
Not all of these objects are in the corporate DNS. Some of those that
are, have multiple PTR records.
Information about these objects comes to these various softwares,
including hostname and address attributes. Some of these "events" are
first processed by an SNMP Manager; which first knows the object by its
address; then adds a hostname, prior to sending it on to the correlation
server. Other events originate from an agent that resides on a host;
which publishes the event with a hostname attribute, as known to itself.
In this second case, the correlation server knows the address that sent
the event, and the hostname that the agent attributed to the event.
Furthermore, some of this software depends on one or both of the
following processes:
[A] name -> gethostbyname -> address -> gethostbyaddr -> name2
[B] address -> gethostbyaddr -> name -> gethostbyname -> address2
In [A], the software can get "confused" if name does not equal name2.
Corollarily, in [B], the software can get "confused" if address does not
equal address2.
This is a very simple overview. Installing djbdns for ONLY the ESM
software to use allows us a consistent query->answer process. However,
in some cases, the name the ESM software uses is NOT the name commonly
known to others in the Enterprise.
The problem comes when the software notifies administrators that a
problem exists; and that somebody should be dispatched to resolve that
problem. When somebody receives a notification, and does NOT recognize
the host by name; then, confusion sets in.
I see three (3) possible solutions to this problem:
[1] The Enterprise changes their name resolution policies and systems in
accordance with our requirements;
[2] We build a wrapper around the ESM infrastructure to "normalize"
names and addresses; or
[3] We utilize some heretofore-unknown-to-us DNS "tricks" to facilitate
the normalized names and addresses.
Unfortunately, [1] is not likely to happen.
We can do [2]; but, why should we if somebody has already realized [3]?
So, I ask you DNS wizards; what am I missing?
It occurs to me that two (2) things about multiple PTRs continue to
confuse. Assuming that the DNS software running on the corporate name
servers can be any mix; but, probably not djbdns:
[a] In general, is there any guarantee about the order in which multiple
PTRs are published? In other words, will a PTR query always return
the list of PTRs in the same order?
[b] In general, is there any guarantee which name gethostbyaddr will
select from a list? I have read that the first at the top of the
list will be that one used. In other words, from the DNS client
perspective, without guarantee as to which software this client
uses; is there any "standard" used to select one from a list of
PTRs?
I ask these questions, because I am no expert in this area. If there
are documents that I should read that will explain this; please, point
me in that direction. I have seen and read some things about this; but,
I remain confused.
Thank you, for your interest in this matter.
What do you think?
--
--
Best Regards,
mds
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
--
RSS Feed