Section 5: Reverse Lookups

Translating IP Addresses to Domain Names
Handling Reverse Address Space Used By Multiple Parties

2007 Infoblox Inc. All Rights Reserved.

An Eternal Need: Translating IP Addresses to Domain Names

A normal query does this:
What if You Want to Ask a Slightly Different Question?
Answer: You can't. DNS only works in one direction. It has a single key.

in-addr.arpa Was Set Up to Handle These “Reverse” Lookups

To look up information on 192.35.195.10, reverse and fit into in-addr.arpa zone
[Diagram: 192.35.195.10 placed in the DNS tree, from the root “” down through arpa, in-addr, 192, 35, 195 and 10]

Fortunately, We Have a Different Record Type That Can Provide This Information

The key is fitting PTR records into DNS's existing hierarchy
Create PTR records for the main host name only
Do not create PTR records for alias names
Do not create multiple PTR records for the same IP address

CIDR and DNS Don't Mesh Very Well

[Diagram: the DNS tree from the root “” down through arpa, in-addr, 192, 35, 195 and 10, giving 10.195.35.192.in-addr.arpa.]
DNS segments on octet boundaries of an IP address
CIDR segments on bit boundaries
192.35.195.0/29 Customer A
192.35.195.8/29 Customer B
192.35.195.16/29 Customer C
192.35.195.24/29 Customer D
Management of the addresses and the DNS for those addresses does not separate on octet boundaries

DNS Administrators Solve the CIDR+DNS Problem In Several Ways

Solution 1: Everyone sends email to the administrator of the relevant subdomain of in-addr.arpa to make changes
Solution 2: Delegate each IP individually as a zone
Solution 3: Use CNAMEs to “delegate” each IP to the responsible person

The Easiest Option is to Just Not Delegate

Solution 1: Everyone sends email to the administrator of the in-addr.arpa zone to make changes

For Small Numbers of Addresses, Each Can Be Delegated

Solution 2: Delegate each IP individually as a zone

Most Clear and Common Is to Use CNAMEs

Solution 3: Use CNAMEs to “delegate” each IP to the responsible person in a new zone
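
Solution 3 applied to the four /29 allocations above, as an added example that is not part of the original slides: it builds the records the owner of 195.35.192.in-addr.arpa would publish, one NS per customer block and one CNAME per address, so each customer keeps its PTR records in its own zone. The child-zone labels (such as `8-29`) and the name server names are assumptions.

```python
import ipaddress

# The /29 allocations from the slide; the name server names are placeholders.
ALLOCATIONS = {
    "192.35.195.0/29": "ns.customer-a.example.",
    "192.35.195.8/29": "ns.customer-b.example.",
    "192.35.195.16/29": "ns.customer-c.example.",
    "192.35.195.24/29": "ns.customer-d.example.",
}


def reverse_name(ip):
    """192.35.195.10 -> 10.195.35.192.in-addr.arpa. (octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def child_zone(subnet):
    """Assumed naming: <first-address-octet>-<prefixlen> under the /24's zone."""
    net = ipaddress.IPv4Network(subnet)
    if net.prefixlen <= 24:
        raise ValueError("octet-aligned blocks can be delegated normally")
    parent = reverse_name(net.network_address).split(".", 1)[1]
    last = int(net.network_address) & 0xFF
    return f"{last}-{net.prefixlen}.{parent}"


def parent_zone_records(allocations):
    """Records the /24 owner publishes: one NS per block, one CNAME per IP."""
    records, seen = [], set()
    for subnet, ns in allocations.items():
        zone = child_zone(subnet)
        records.append(f"{zone} IN NS {ns}")
        for addr in ipaddress.IPv4Network(subnet):
            owner = reverse_name(addr)
            if owner in seen:  # two parties must never own the same address
                raise ValueError(f"{addr} is allocated twice")
            seen.add(owner)
            last = owner.split(".", 1)[0]
            records.append(f"{owner} IN CNAME {last}.{zone}")
    return records


if __name__ == "__main__":
    print("\n".join(parent_zone_records(ALLOCATIONS)))
```

Customer B would then serve the zone 8-29.195.35.192.in-addr.arpa. and place a single PTR record at 10.8-29.195.35.192.in-addr.arpa. for the main host name of 192.35.195.10.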