homepage Welcome to WebmasterWorld Guest from 107.20.131.154
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Reverse Mapping err's. No A record?
Frank_Rizzo




msg:3037494
 5:01 pm on Aug 7, 2006 (gmt 0)

I scp some files from one server to another. On the target server I get this error:

reverse mapping checking getaddrinfo for nnn-nnn-nnn-nnn.static.widgethosters.com failed - POSSIBLE BREAKIN ATTEMPT!

Using dnsstuff reverse DNS I get this report:

Answer:
nnn.nnn.nnn.nnn PTR record: nnn-nnn-nnn-nnn.static.widgethosters.com. [TTL 10432s] [A=None] *ERROR* There is no A record for nnn-nnn-nnn-nnn.static.widgethosters.com. (may be negatively cached).

The IP of the server was changed a couple of weeks ago but I'm pretty sure all records are set as they should be.

Any idea what's not right?

 

mcavic




msg:3038889
 5:35 pm on Aug 8, 2006 (gmt 0)

Your numeric IP address resolves to nnn-nnn-nnn-nnn.static.widgethosters.com, but that name doesn't resolve back to the IP. This is very common for ISPs. It's wrong, but it's quite common, and isn't really a problem unless you're running a mail server on that host.

If you are serving mail, then you should ask for a reverse DNS entry to point your IP address to the proper host (mail.widgets.com).

jtara




msg:3038970
 6:26 pm on Aug 8, 2006 (gmt 0)

It's wrong, but it's quite common

I wouldn't say it's WRONG.

For example, in any case where a host has multiple names, the IP address can ONLY map-back to ONE name. Is it "wrong" that the other names don't have a reverse back to them?

If you hosting on a shared IP, you CAN'T reverse-map to your domain. The IP will map back to a name belonging to your hosting company. This is also common in the case of non-shared IPs. Some hosts will map to your name, others won't.

I'm ambivilent on the issue. While it "looks better" if it maps back to your domain name, by mapping to the host you show you are "playing by the rules". If you don't actually own the server, hosted in your own facility, I think that mapping the IP to your domain name suggests some attempt at evasion. It suggests that you are trying to hide who your hosting company is - perhaps to avoid DMCA requests to your host, legal process, etc.

The one common case where reverse-mapping is important is in the case of SMTP servers. A good reason why most people shouldn't run their own. For anti-spam reasons, many SMTP servers (or other mail delivery agents) will not pass mail to other SMTP servers that don't reverse-map back to the name given in the MX record.

If you do want to run your own SMTP server, put it on a dedicated IP address, and make sure you can set-up the reverse to point to the name used in the MX record. Or, if you do share the IP with a website, make sure the reverse points to the MX name, not the website name. (Or make the names the same.)

But you've got a bigger problem. You used a PTR record to point to a name for which there is no A record. Not sure why there isn't an A record (ask your host) but the easy quick-fix is to use an A record rather than a PTR record. Also, note, you CANNOT use a PTR record for the base domain name, in any case. (Some systems may ALLOW you to do this, but it is WRONG and WILL NOT WORK CONSISTENTLY.)

That is:

www.example.com PTR example2.com OK
example.com PTR example2.com NO

The first example will work, but only if example2.com has an A record.

Just use an A record with www.example.com and example.com in the above examples. This has the added advantage of being slightly faster due to one less DNS lookup.

mcavic




msg:3039068
 7:22 pm on Aug 8, 2006 (gmt 0)

You used a PTR record to point to a name for which there is no A record.

That's the whole point. The IP points to a name, but that name doesn't point to an IP. I wasn't objecting to using the ISP's name, I was objecting to the missing A record.

mapping the IP to your domain name suggests some attempt at evasion. It suggests that you are trying to hide who your hosting company is

Not at all -- it makes your domain look like a legitimate presence on the Internet, which sometimes helps with mail delivery.

A good reason why most people shouldn't run their own.

Agreed, running your own mail server is tricky these days, but there are good reasons for doing so, too. Especially if you have users who travel, and send mail only from domains that you own.

Frank_Rizzo




msg:3039090
 7:42 pm on Aug 8, 2006 (gmt 0)

I only get the error when scp'ing from server to server. And it only happens one way

>server_a scp file user@server_b.com:/home

is fine but

>server_b scp file user@server_a.com:/home

produces the error.

In both cases the files copy between servers but when server_a scp's to server_b an entry is placed in server_b secure log:

reverse mapping checking getaddrinfo for nnn-nnn-nnn-nnn.static.widgetshosts.com failed - POSSIBLE BREAKIN ATTEMPT!

Both servers are set up similarily where a record, cname record, dns exist and are correct.

I presume that widgethosts.com need to update something on their servers?

Both servers are dedicated and have their own exclusive IP.

[edited by: Frank_Rizzo at 7:43 pm (utc) on Aug. 8, 2006]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved