Why you shouldn't use Multiple PTR records on a single IP

A "valid" PTR record is one which resolves to a name which resolves back to the address. For this reason, your PTR records shouldn't use names that resolve back to multiple addresses.

Reasoning behind all this (read on only if you care):
 
There's no rule in the RFCs saying that there must be a PTR record for every A record, though it is listed as a design goal. It also never says that you can't have multiple PTR records for a given address; unfortunately, doing so creates havoc. The reason for this is the way that records are reported and recognized. Suppose you have multiple PTR records for a given address. Then this happens:

1) A request is made for PTR records for the address, by something trying to verify one of the hostnames.
2) The server treats the set of PTR records in round-robin, "load sharing" the results. In effect, it reorders the records in an essentially random permutation, and reports them all.
3) The requester sees a stack of records, but only reads the first one. The rest are assumed to be supporting records (NS records, etc.). Thus the result is a randomly-chosen record from the set of PTR records.
4) There is little chance that the resulting name matches the name that was started with.

A similar problem occurs if the name given in the PTR record resolves back to multiple addresses. This would occur if, for example, Netscape's download manager, in trying to verify eligibility to download 128-bit encryption versions of their software, attempts to break through fake PTR records by verifying that the name then resolves back to the address.

The only effective way to achieve the design goal of a one-to-one correlation between A records and PTR records is to never have more than one A record per address. This means that you can't have both company.com and company.org resolve to the same address (because neither can be a CNAME alias), meaning that if they are to have the same website, you need to have some mechanism that puts them together despite being on separate addresses. This practice is part of what led to the current shortage of addresses, which is what prompted the W3C to endorse the WebSTAR-style virtual hosting system as the preferred method of putting multiple websites on one server.
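
The four steps above and the multiple-address case can be simulated offline. This is an added example, not code from the original post: the addresses, hostnames, and function names are constructed for illustration, the shuffled answer models the round-robin behaviour described in step 2, and the full-set requester is included only for comparison.

```python
import random

# Constructed zone data: documentation addresses and hypothetical names.
PTR = {
    "192.0.2.10": ["www.company.example", "mail.company.example", "ftp.company.example"],
    "192.0.2.30": ["single.company.example"],
    "192.0.2.21": ["pool.company.example"],
}
A = {
    "www.company.example": ["192.0.2.10"],
    "mail.company.example": ["192.0.2.10"],
    "ftp.company.example": ["192.0.2.10"],
    "single.company.example": ["192.0.2.30"],
    "pool.company.example": ["192.0.2.20", "192.0.2.21"],
}

def answer(table, key, rng):
    """Server side: return the full record set in a shuffled order (step 2)."""
    records = list(table.get(key, []))
    rng.shuffle(records)
    return records

def first_ptr_matches(ip, claimed, rng):
    """Requester that reads only the first PTR record (steps 3 and 4)."""
    names = answer(PTR, ip, rng)
    return bool(names) and names[0] == claimed

def first_a_matches(ip, rng):
    """Requester that confirms the PTR name forward but reads only the first A record."""
    names = answer(PTR, ip, rng)
    addrs = answer(A, names[0], rng) if names else []
    return bool(addrs) and addrs[0] == ip

def full_set_matches(ip, claimed, rng):
    """Requester that checks the claimed name against the whole PTR set and A set."""
    return claimed in answer(PTR, ip, rng) and ip in answer(A, claimed, rng)

def pass_rate(check, trials=3000, seed=1):
    """Fraction of trials in which check(rng) succeeds."""
    rng = random.Random(seed)
    return sum(check(rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    mail = "mail.company.example"
    print("3 PTRs, first only:", pass_rate(lambda r: first_ptr_matches("192.0.2.10", mail, r)))
    print("1 PTR, first only: ", pass_rate(lambda r: first_ptr_matches("192.0.2.30", "single.company.example", r)))
    print("2 As, first only:  ", pass_rate(lambda r: first_a_matches("192.0.2.21", r)))
    print("3 PTRs, full set:  ", pass_rate(lambda r: full_set_matches("192.0.2.10", mail, r)))
```

With three PTR records the first-record requester verifies the hostname in roughly one attempt out of three, and with two A records the forward check succeeds about half the time; a single PTR and a single A record always verify.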
 