Re: smtpd: gethostby*.getanswer: asked for foo, got foo

From: mouss (mlist.onlyfree.fr)
Date: Fri Aug 24 2007 - 06:22:17 CDT


martin f krafft wrote:
> also sprach Wietse Venema <wietseporcupine.org> [2007.08.23.1513 +0200]:
>> smtpd is not trying to tell anything. Some friendly helpful SYSTEM
>> library is calling syslog() from inside the bowels of a library
>> function (what a brilliant idea).
>
> Using a CNAME to a PTR record is entirely acceptable and should not
> result in a warning, I think.

RFC1034 (section 3.6.2) says:

====
Domain names in RRs which point at another name should always point at
the primary name and not the alias. This avoids extra indirections in
accessing information. For example, the address to name RR for the
above host should be:

     52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU

rather than pointing at USC-ISIC.ARPA. Of course, by the robustness
principle, domain software should not fail when presented with CNAME
chains or loops; CNAME chains should be followed and CNAME loops
signalled as an error.
====

This is cited in RFC2181 (section 10.2).

RFC1912 (section 2.1) says:
====
    ... Also,
    PTR records must point back to a valid A record, not a alias defined
    by a CNAME. ...
====

>
> Anyway, this is in libc6 resolv/nss_dns/dns-host.c and is only one
> of many syslog calls by libc6. I am not sure there is anything I can
> do.
>
> Thanks for your time.
>
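
The two rules in the RFC text quoted above (follow CNAME chains but signal loops; a PTR should name the primary host name, not an alias) can be checked mechanically over zone data. The following is an added example, not part of the original message or of Postfix or libc6; the `ZONE` dictionary, the function names and the finding codes are assumptions made for illustration.

```python
# Zone data: the first three records follow the RFC 1034 section 3.6.2 example,
# except that the PTR deliberately points at the alias. The rest are constructed.
ZONE = {
    "52.0.0.10.in-addr.arpa.": ("PTR", "usc-isic.arpa."),
    "usc-isic.arpa.": ("CNAME", "c.isi.edu."),
    "c.isi.edu.": ("A", "10.0.0.52"),
    "53.0.0.10.in-addr.arpa.": ("CNAME", "53.sub.0.0.10.in-addr.arpa."),
    "53.sub.0.0.10.in-addr.arpa.": ("PTR", "c.isi.edu."),
    "54.0.0.10.in-addr.arpa.": ("CNAME", "loop-a.example."),
    "loop-a.example.": ("CNAME", "loop-b.example."),
    "loop-b.example.": ("CNAME", "loop-a.example."),
}

class CnameLoop(Exception):
    """Raised when a CNAME chain revisits a name or exceeds max_hops."""

def canonical(name, zone, max_hops=8):
    """Follow CNAMEs from name; return (canonical name, chain of names seen)."""
    name = name.lower()
    chain = [name]
    while zone.get(name, ("", ""))[0] == "CNAME":
        name = zone[name][1]
        if name in chain or len(chain) > max_hops:
            raise CnameLoop(" -> ".join(chain + [name]))
        chain.append(name)
    return name, chain

def lint_ptr(owner, zone):
    """Return (code, detail) findings for the reverse name `owner`."""
    try:
        final, chain = canonical(owner, zone)
    except CnameLoop as exc:
        return [("cname-loop", str(exc))]
    findings = []
    if len(chain) > 1:  # alias at the owner name: followed, reported as info
        findings.append(("followed-chain", " -> ".join(chain)))
    rtype, target = zone.get(final, ("", ""))
    if rtype != "PTR":
        return findings + [("no-ptr", final)]
    ttype = zone.get(target, ("", ""))[0]
    if ttype == "CNAME":  # RFC 1912 2.1: PTR must not point at an alias
        findings.append(("alias-target", f"{final} PTR {target}"))
    elif ttype != "A":
        findings.append(("no-a-record", target))
    return findings

if __name__ == "__main__":
    for rev in ("52.0.0.10.in-addr.arpa.", "53.0.0.10.in-addr.arpa.", "54.0.0.10.in-addr.arpa."):
        print(rev, lint_ptr(rev, ZONE))
```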