(verifying) reverse host lookup

Hi,

Two questions/observations.

1. Is there an expansion variable that expands to the host-name as
obtained by a reverse lookup of the IP?
At firts I thought that was $sender_host_name but noticed it did not always
work (as I expected). Upon re-reading the documentation more carefully I
discovered that this variable is only set if the found host-name also
resolves back to the original IP. Is there a varible (or a way) to get the
hostname if it does not resolve back to the IP?

2. Considering the above, is there a (functional) difference between using
"verify = reverse_host_lookup" and
"condition = ${if def:sender_host_name}}" in an ACL? Unless I'm
overlooking something I don't thinks so. Guess my question is; am I
overlooking something?

Regards,
Mark.

On 16 Jan 2007 18:40:00 GMT, Mark <_markdv_@tiscali.nl> wrote:

>2. Considering the above, is there a (functional) difference between using
>"verify = reverse_host_lookup" and
>"condition = ${if def:sender_host_name}}" in an ACL? Unless I'm
>overlooking something I don't thinks so. Guess my question is; am I
>overlooking something?

A host can have several names and the reverse DNS isn't always going
to return that particular one. For example, suppose a cpanel host has
a domain example.com and the user has set the machine to also resolve
as ns1.example.com and mx.example.com and www.example.com. I believe
that reverse DNS will always resolve to just example.com, even if the
machine name has been set to ns1.example.com in linux.

Also, suppose he adds a business website called example2.com and that
user wants it to appear as if he has his own mail server and probably
name servers as well if the registrar will let him point a new
nameserver to an address that is already a nameserver. BTW, I've seen
the nameserver thing be refused by a registrar and I've also seen it
work on the same registrar. Anyway, he sets the mx record for
example2.com to point to mx.example2.com. A forward lookup on
mx.example2.com will return the correct IP address, but a reverse DNS
lookup will still return example.com.

Hope this helps,

-- David

On Wed, 17 Jan 2007 21:14:26 -0600, David Ball wrote:

> On 16 Jan 2007 18:40:00 GMT, Mark <_markdv_@tiscali.nl> wrote:
>
>>2. Considering the above, is there a (functional) difference between using
>>"verify = reverse_host_lookup" and
>>"condition = ${if def:sender_host_name}}" in an ACL? Unless I'm
>>overlooking something I don't thinks so. Guess my question is; am I
>>overlooking something?
>
> A host can have several names and the reverse DNS isn't always going
> to return that particular one. For example, suppose a cpanel host has
> a domain example.com and the user has set the machine to also resolve
> as ns1.example.com and mx.example.com and www.example.com. I believe
> that reverse DNS will always resolve to just example.com, even if the
> machine name has been set to ns1.example.com in linux.

It is possible, and AFAIK legal, to have a reverse (ptr) lookup return
multiple names. But a lot of applications don't handle that situation
very well so you're usually better off just keeping it simple.

> Also, suppose he adds a business website called example2.com and that
> user wants it to appear as if he has his own mail server and probably
> name servers as well if the registrar will let him point a new
> nameserver to an address that is already a nameserver. BTW, I've seen
> the nameserver thing be refused by a registrar and I've also seen it
> work on the same registrar. Anyway, he sets the mx record for
> example2.com to point to mx.example2.com. A forward lookup on
> mx.example2.com will return the correct IP address, but a reverse DNS
> lookup will still return example.com.
>
> Hope this helps,

Well, it explains some of the subtleties involved in forward/reverse
naming, but I don't think it helps me answer my question.

Thanks though,
Mark.

P.S. It's pretty quiet in this group. Guess most of the 'action' is on
the mailing lists? Too bad, I prefer usenet...