New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unbound reverse PTR records #5477
Comments
Thank you for creating an issue. For more information about the policies for this repository, The easiest option to gain traction is to close this ticket and open a new one using one of our templates. |
Yes, somehow. |
Would be nice to see ntopng show the correct address instead of some random alias. |
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
@fichtner Is this a intended function? |
I strongly support that it should be possible to manually indicate whether a PTR record should be generated for a given override record. The problem is quite trivial, but annoying. Many web services rely on reverse name recognition. The first example that comes to mind is Zenarmor (Sensei), which presents inconsistent data in its reports in the current situation. Multiple PTR records for the same IP address cause the name to be retrieved randomly, causing the reports to show several hosts as the source despite the data coming from a single IP address. |
@swhite2 I understand that a more detailed control may require rebuilding more of the internal logic and adapting the user interface to it. It seems to me that the proposed restriction on the generation of PTR records is a reasonable solution for the moment. |
…and host overrides (#5925) In order to prevent the unpredictable behaviour of random PTR records being returned, which is not explicitly prohibited in RFC1035, it is best to restrict the creation of PTR records from every single host and alias (except for wildcard entries, no PTR records are created here), to only non-alias overrides (edit: the exception here is an alias whose parent does not create a PTR record, a wildcard entry). We also further restrict it to unique IP addresses so there can be no confusion in how to maintain the entries within the running Unbound instance. Hopefully this can pave the way for adding PTR records as a separate type instead of generating them under the hood, as is done currently. This change should at least address inconsistencies regarding random PTR records being returned as mentioned in #5477 A slight refactor of the existing unbound code is also included here for code reduction purposes.
…and host overrides (#5925) In order to prevent the unpredictable behaviour of random PTR records being returned, which is not explicitly prohibited in RFC1035, it is best to restrict the creation of PTR records from every single host and alias (except for wildcard entries, no PTR records are created here), to only non-alias overrides (edit: the exception here is an alias whose parent does not create a PTR record, a wildcard entry). We also further restrict it to unique IP addresses so there can be no confusion in how to maintain the entries within the running Unbound instance. Hopefully this can pave the way for adding PTR records as a separate type instead of generating them under the hood, as is done currently. This change should at least address inconsistencies regarding random PTR records being returned as mentioned in #5477 A slight refactor of the existing unbound code is also included here for code reduction purposes. (cherry picked from commit 92a5a22)
When I create multiple A records for the same IP address like
name1.example.domain. A 123.123.123.123
name2.example.domain. A 123.123.123.123
For each name also a PTR record is created.
123.123.123.123.in-addr.arpa PTR name1.example.domain.
123.123.123.123.in-addr.arpa PTR name2.example.domain.
There should be only one reverse record for each IP.
A checkbox if a PTR record should be created would be fine solution for this.
OPNsense 21.7.7-amd64 with unbound 1.13.2
The text was updated successfully, but these errors were encountered: