2 Feb 2006 14:52
Re: Multiple PTR records ???
Michael D Schleif <mds <at> helices.org>
2006-02-02 13:52:18 GMT
2006-02-02 13:52:18 GMT
Thank you, for those who pointed me to RFC 2181; where I found paragraph 10.2. I do not know why I did not see this in my search. Perhaps, in chasing the problem I am trying to resolve, I was confused by what I saw as ambiguity. Now, I am absolutely clear that this is allowed. Is it possible that you enlightened beings can help me with my original problem that led me to this? I am tasked by my client to implement an Enterprise Systems Management (ESM) solution. The software is comprised of several pieces. This software collects and correlates information about thousands of applications, hosts and network objects (e.g., routers, switches, firewalls, &c.) Not all of these objects are in the corporate DNS. Some of those that are, have multiple PTR records. Information about these objects comes to these various softwares, including hostname and address attributes. Some of these "events" are first processed by an SNMP Manager; which first knows the object by its address; then adds a hostname, prior to sending it on to the correlation server. Other events originate from an agent that resides on a host; which publishes the event with a hostname attribute, as known to itself. In this second case, the correlation server knows the address that sent the event, and the hostname that the agent attributed to the event. Furthermore, some of this software depends on one or both of the following processes: [A] name -> gethostbyname -> address -> gethostbyaddr -> name2 [B] address -> gethostbyaddr -> name -> gethostbyname -> address2 In [A], the software can get "confused" if name does not equal name2. Corollarily, in [B], the software can get "confused" if address does not equal address2. This is a very simple overview. Installing djbdns for ONLY the ESM software to use allows us a consistent query->answer process. However, in some cases, the name the ESM software uses is NOT the name commonly known to others in the Enterprise. The problem comes when the software notifies administrators that a problem exists; and that somebody should be dispatched to resolve that problem. When somebody receives a notification, and does NOT recognize the host by name; then, confusion sets in. I see three (3) possible solutions to this problem:  The Enterprise changes their name resolution policies and systems in accordance with our requirements;  We build a wrapper around the ESM infrastructure to "normalize" names and addresses; or  We utilize some heretofore-unknown-to-us DNS "tricks" to facilitate the normalized names and addresses. Unfortunately,  is not likely to happen. We can do ; but, why should we if somebody has already realized ? So, I ask you DNS wizards; what am I missing? It occurs to me that two (2) things about multiple PTRs continue to confuse. Assuming that the DNS software running on the corporate name servers can be any mix; but, probably not djbdns: [a] In general, is there any guarantee about the order in which multiple PTRs are published? In other words, will a PTR query always return the list of PTRs in the same order? [b] In general, is there any guarantee which name gethostbyaddr will select from a list? I have read that the first at the top of the list will be that one used. In other words, from the DNS client perspective, without guarantee as to which software this client uses; is there any "standard" used to select one from a list of PTRs? I ask these questions, because I am no expert in this area. If there are documents that I should read that will explain this; please, point me in that direction. I have seen and read some things about this; but, I remain confused. Thank you, for your interest in this matter. What do you think? -- -- Best Regards, mds - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --