Alan Zoysa wrote:
> Hi All,
>
> What applications do we generally use that cannot do (or optionally
> require) without a reverse address resolution.
>
> Please correct me in the following:
> DNS servers no more give out their zone entries, except SOA. A reverse
> zone is generally defined on a subnet (sequential range of IP
> addresses). Does a DNS server (having set up a corresponding reverse
> zone for a forward zone) gives out almost all information about
> Name-IP binding via reverse zone (IP-Name bindings)?
>

SMTP mail is one "application" that comes to mind, which often uses
reverse lookups as a (crude, arguably obsolete) anti-spam measure.
Clients with no reverse mappings, or whose reverse mappings do not match
their forward mappings, are considered to be "suspect" and thus
potential sources of spam.

DNS servers *do* give out their zone entries, not just SOA.

Reverse zones are defined on *octet*boundaries*, which may or may not
correspond to "subnets". "Subnet" is a routing/switching term and DNS
knows nothing of network topology.

There is no necessary "correspondence" between a forward zone and a
reverse zone. We (Chrysler) are one example of an organization that has
several reverse zones and hundreds of forward zones, and there is no
consistent mapping between them.

If "Name-IP binding" means forward (name-to-address) mapping, and
"IP-Name binding" means reverse (address-to-name) mapping, I don't why
or how you would get the idea that forward lookups are made "via"
reverse lookups.

The only thing that comes to mind is the "double lookup" phenomenon,
where some types of server will, as a weak form of authentication, do a
reverse lookup of the connecting client's address, then a forward lookup
of the result obtained by the reverse lookup, and then compare the two.
But "double lookups" are the exception rather than the rule. Most
forward lookups are "spontaneous" in that sense and have nothing to do
with reverse lookups.


- Kevin