1

I've BIND on my lan and I created a zone:

$ORIGIN example.com.
$TTL 604800 ; 1 week
@       IN SOA  ns1.example.com. max.example.com. (
                2017103151 ; serial
                604800     ; refresh (1 week)
                86400      ; retry (1 day)
                2419200    ; expire (4 weeks)
                604800     ; minimum (1 week)
                )
        IN  NS  ns1.example.com.
        IN  NS  ns2.example.com.
            MX  10 mx1.example.com.

server1         A   192.168.1.100
ns1         A   192.168.1.101
ns2         A   192.168.1.102
mx1         A   192.168.1.100
ftp         CNAME   server1
pop3            CNAME   server1
imap            CNAME   server1

REVERSE ZONE:

$ORIGIN 1.168.192.in-addr.arpa.
$TTL 604800     ; 1 week
@       IN SOA  ns1.example.com. max.example.com. (
                                2017103136 ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                IN      NS      ns1.example.com.
                IN      NS      ns2.example.com.
100                     PTR     ftp.example.com.
100                     PTR     mx1.example.com.
100                     PTR     www.example.com.
100                     PTR     smtp.example.com.
100                     PTR     mail.example.com.
100                     PTR     pop3.example.com.
100                     PTR     imap.example.com.
101                     PTR     ns1.example.com.
102                     PTR     ns2.example.com.

Everything works, but there's a strange behavior with ping command:

ping mx1.example.com
64 bytes from www.example.com (192.168.1.100): icmp_seq=1 ttl=64 time=0.102 ms

ping imap.example.com
64 bytes from pop3.example.com (192.168.1.100): icmp_seq=1 ttl=64 time=0.102 ms
Pol Hallen
  • 1,055
  • 2
  • 13
  • 22
  • You seem to get round-robin results for *reverse lookups*. If you have a reverse zone (1.168.192.in-addr.arpa.) , check that for multiple entries or check your hosts file for multiple entries. The forward zone looks correct BTW – HBruijn Nov 01 '17 at 10:45
  • 1
    Also https://serverfault.com/questions/618700/why-multiple-ptr-records-in-dns-is-not-recommended – Petter H Nov 01 '17 at 11:14
  • 1
    dear god why RR rDNS – Jacob Evans Nov 01 '17 at 13:13

1 Answers1

1

This is a normal behavior and you get similar results when trying to ping www.google.com. Here is an example:

khaled@my-server:~$ ping www.google.com
PING www.google.com (216.58.212.100) 56(84) bytes of data.
64 bytes from lhr35s06-in-f4.1e100.net (216.58.212.100): icmp_seq=1 ttl=54 time=94.5 ms
64 bytes from lhr35s06-in-f4.1e100.net (216.58.212.100): icmp_seq=2 ttl=54 time=96.0 ms
64 bytes from lhr35s06-in-f4.1e100.net (216.58.212.100): icmp_seq=3 ttl=54 time=94.5 ms

You can see the returned name is different than original name used in ping command. This is clearly a reverse DNS name. To verify, you can use the following command:

khaled@my-server:~$ host 216.58.212.100
100.212.58.216.in-addr.arpa domain name pointer lhr35s06-in-f100.1e100.net.
100.212.58.216.in-addr.arpa domain name pointer lhr35s06-in-f4.1e100.net.

You can disable reverse lookup using -n option like:

khaled@my-server:~$ ping -n www.google.com
PING www.google.com (216.58.212.100) 56(84) bytes of data.
64 bytes from 216.58.212.100: icmp_seq=1 ttl=54 time=94.6 ms
64 bytes from 216.58.212.100: icmp_seq=2 ttl=54 time=94.6 ms
Khaled
  • 35,688
  • 8
  • 69
  • 98