[CentOS] Apache/Active Directory authentication

Fri Mar 18 21:59:52 UTC 2011
Michael B Allen <ioplex at gmail.com>

On Fri, Mar 18, 2011 at 2:58 PM, R P Herrold <herrold at owlriver.com> wrote:
> On Fri, 18 Mar 2011, Michael B Allen wrote:
>
>> True. You cannot have multiple PTR records for an IP. I did not mean
>> to suggest that you could.
>
> Not saying you are wrong here, but have you an RFC reference
> to this effect?  We previously held this belief from our prior
> practice, but cannot find a clear prohibition of such.  As
> such our DNS zonefile management code does not enforce such a
> limitation presently.
>
> Considering the issue from the other side, there is nothing
> that requires simplicity of implementation of a client that
> says it can accept only a single PTR, rather than an array of
> replies and then walking the reverses.

Hello R,

No, I do not have a citation and theoretically having multiple PTR
records for an IP might actually be quite reasonable. However, I would
imagine it would be fairly limited to things like clusters or servers
that should have the outward appearance of being identical. For
something like Kerberos with HTTP servers doing virtual hosting (like
what John and I have been discussing in this thread), I suspect
multiple PTRs for the web server would create quite a mess.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/