[ale] Reverse DNS lookup

Michael H. Warfield mhw at wittsend.com
Mon Aug 6 10:13:11 EDT 2001


On Mon, Aug 06, 2001 at 09:56:20AM -0400, SAngell at nan.net wrote:

> How do I do this with Linux? Need to resolve a few IP addresses to host names
> for IDS systems.

	Huh?  If you've got your resolv.conf set up to point at a valid
name server, I don't see how you DON'T resolve IP addresses to host names.
The IP addresses have to have valid lookups in the in-addr.arpa zone
and that has to be coordinated with the name servers for that zone, but
that has nothing to do with your Linux setup.

	Example...  My system, alcove.wittsend.com [130.205.0.10]...

	Zone:	wittsend.com

alcove               IN   A     130.205.0.10

	Zone	0.205.130.in-addr.arpa

10              IN PTR alcove.wittsend.com.

	Now, if you do a "host alcove.wittsend.com" it does a lookup
in the "wittsend.com" zone for alcove and returns an A record of
130.205.0.10.  If you do a "host 130.205.0.10" it does a reverse
lookup in 0.205.130.in-addr.arpa for "10" and returns a PTR record
for "alcove.wittsend.com." (note: that trailing dot is MANDATORY!).

	Note that the existence of a name in a forward zone with an
A record does NOT require or even imply the existence of that address
in the reverse zone with a PTR record.  There are lots of names on the
net that you can look up in the DNS and get an address but a reverse
lookup on that address fails.  Blame it on lazy dns admins or net admins,
but that's just a fact of life.  Very little breaks if you don't have
a valid reverse lookup.  Some strict configurations of sendmail might
refuse to receive mail from you if you don't have a reverse lookup and
if it doesn't agree with the subsequent forward lookup and some people
configure ftp to refuse to talk to you if you don't have a reverse lookup.
Those are rare.

	So...  Back to your problem...  I'm assuming that this is not
working.  You're going to have to provide more details of what you are
trying to do along with the results from "dig" and "host" for sample
addresses and FQDNs (fully qualified domain names).

> Thanks,

> Steve Angell,  MCSE, CCNA
> MIS Operations Manager
> TSYS Total Debt Management
> Phone 770-409-5570
> Fax      770-416-1752
  ^^^^^^^^^^^^^^^^^^^^^

	Looks like you are local.  You might get some face to face help
if you come out to the next ALE meeting on Thursday (plug plug...).

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
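
Added example, not part of the original message: a Python sketch of the reverse-then-forward check the message describes, labelling an address for IDS log enrichment as confirmed, mismatched, or lacking a PTR. The function names and the 192.0.2.7 / mail.example.com records are constructed; by default it reads an in-memory sample zone so it runs offline, and system_ptr/system_a can be passed in to use the resolver from resolv.conf.

```python
import ipaddress
import socket

# Constructed sample data: the two records from the message above, plus a
# constructed address (192.0.2.7) whose PTR names a host with a different A.
SAMPLE_PTR = {
    "10.0.205.130.in-addr.arpa.": ["alcove.wittsend.com."],
    "7.2.0.192.in-addr.arpa.": ["mail.example.com."],
}
SAMPLE_A = {
    "alcove.wittsend.com.": ["130.205.0.10"],
    "mail.example.com.": ["192.0.2.99"],
}

def reverse_name(ip):
    """Owner name queried for a PTR lookup (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def sample_ptr(ip):
    return SAMPLE_PTR.get(reverse_name(ip), [])

def sample_a(name):
    return SAMPLE_A.get(name.rstrip(".").lower() + ".", [])

def system_ptr(ip):
    """PTR lookup through the system resolver; needs network access."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """Forward lookup through the system resolver; needs network access."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({ai[4][0].split("%")[0] for ai in infos})

def classify(ip, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """Return (status, hostname or None) for one address."""
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)          # address has no reverse record
    want = ipaddress.ip_address(ip)
    for name in names:
        if any(ipaddress.ip_address(a) == want for a in a_lookup(name)):
            return ("confirmed", name.rstrip("."))  # PTR and A agree
    return ("mismatch", names[0].rstrip("."))       # PTR name is unverified
```

A "mismatch" result means the hostname comes only from whoever controls the reverse zone, so a log pipeline should keep the IP address alongside it.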
