A records, PTR records, and TTL setting
Jon Murphy
jcmurphy26 at gmail.com
Wed Jan 10 03:37:07 UTC 2024
Hi Gavin,
I apologized for not responding sooner. Otto was helpful and clued me in!
I added these details I should have included in my initial post:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2024-January/008207.html <https://lists.nlnetlabs.nl/pipermail/unbound-users/2024-January/008207.html>
I am not sure if my update might change your answers below.
My comments are below.
Jon
> On Dec 27, 2023, at 12:45 AM, Gavin McCullagh <gmccullagh at gmail.com> wrote:
>
> Hi,
>
> I think you may want to think about this from a slightly different angle. Rather than "what entries should my device have in DNS?", you might want instead to ask:
>
> * "by what name(s) do I want other hosts to be able to connect to this device?" (A records)
Since the names (hostnames) are supplied by ISC DHCP, I do not wish to change the names unless that would make things correct or better.
> * "When other hosts see connections from this device, if they try to look up the name of that IP, what name should they see?" (PTR records)
Same response as above.
>
> > should there only be one A Record per device?
>
> An A record maps a name to one or more IPs. If/When a client looks up "deb12dell.localdomain", they are probably connecting to it. Why would they connect to this name and what IP do you want them to connect to? If you really want them to get back two IPs and to choose one (probably somewhat randomly, but it's they who decide), then two A records makes sense. For a single device, that's a pretty unusual choice.
Thank you! This helps. So based on the new information I posted on January 1, I think this is OK. Is it really OK?
deb12dell.localdomain. 60 IN A 192.168.60.175 (for the Ethernet connection)
deb12dell.localdomain. 60 IN A 192.168.65.180 (for the Wi-FI connection)
>
> For a website name like www.foo.com <http://www.foo.com/> with many redundant servers and IPs, it's pretty common to put multiple IPs behind a single name and let the clients choose. It allows a form of load balancing and even allows some clever clients to retry if the first IP they try fails quickly.
>
> In your case, I would probably only create an A record for the wired connection, on the assumption I don't want anyone connecting via the wireless connection which is typically slower and less reliable. If I want to explicitly be able to connect via the wireless connection, I would probably make up a second name. If the answer depends on what network the client is connecting from or some other information, things get complicated.
Again, Thank you! This too helps!
There are some wireless to wireless connections. There are a few interactions between wireless devices (like an iPhone to a wireless device).
And I could have a wireless-only laptop device (in the 192.168.65.0/24 subnet) connecting to a device that is on both Ethernet and Wireless (like the `deb12dell` device). I would connect to both devices via wireless.
So for the moment I am a little confused.
Since I receive the wireless hostname `deb12dell` (and IP 192.168.65.180) from DHCP, should I change this to `deb12dell-1`? Or just leave as-is. This is on the Wi-Fi side.
And so knowing this, I think I need to two A Records. But I am not sure (thus the confusion on my part)
I know the DCHP was not known in your response. So the confusion is my own fault.
>
> > or maybe only one PTR Record per device?
>
> A PTR record maps an IP to a domain name. If a device or system administrator sees a connection from 192.168.60.175 (perhaps in their log files) and looks up DNS to find out the name of that device, what name do you want them to see?
I want them to see `deb12dell`
>
> In your case, I would say it's reasonable and probably helpful to create a PTR for each IP address. The names you return could be the same for both or you could make up names that specify the interface if you like. If you do that, you probably want to make A records that correspond to each name you show in a PTR. There's no rule that a single device only gets one domain name in DNS - even if a device typically has one canonical name.
>
Again more confusion on my part… I need to learn about CNAME so I understand your comment.
>
> > How do I set the default TTL for A records and PTR records within unbound.conf??
>
> I don't see an obvious config option here at a quick scan (searching for the 3600 default).
>
> https://nlnetlabs.nl/documentation/unbound/unbound.conf/ <https://nlnetlabs.nl/documentation/unbound/unbound.conf/>
>
> The settings you have tried are directives on what ttl unbound may force when caching answers it receives from other upstream nameservers.
>
> Unbound is not traditionally an authoritative DNS server (one that stores answers). It is a resolver (one that finds answers on behalf of clients and caches them temporarily). You can use it as an authoritative server for your local network, as you are, but that's not really the primary use case of unbound.
Thank you! I dug through the GitHub unbound code for the number `3600` and could not find the setting.
I’ll keep reading about DNS and authoritative DNS servers just so I understand.
Thanks again (and again!)
Jon
>
> Gavin
>
>
>
>
>
>
> On Fri, Dec 22, 2023, 8:18 AM Jon Murphy via Unbound-users <unbound-users at lists.nlnetlabs.nl <mailto:unbound-users at lists.nlnetlabs.nl>> wrote:
> Hello! Newbie here and I am looking for help with A records and PTR records. I just started learning unbound and came across things that confuse me. I am experimenting with unbound Version 1.18.0. My unbound is for a local network.
>
>
> I have one device that has two network interfaces (ethernet and Wi-Fi).
>
> I added this Ethernet to unbound:
> deb12dell.localdomain. 60 IN A 192.168.60.175
> 175.60.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
> For the 2nd network interface on "deb12dell" I added two more lines. And yes, all seems fine!
> deb12dell.localdomain. 60 IN A 192.168.65.180
> 180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
> then...
>
> I read somewhere that I should only have one A record per device (with multiple interfaces). Like this:
> deb12dell.localdomain. 60 IN A 192.168.60.175
> 175.60.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
> 180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
>
> And I read somewhere else I should only have one PTR record per device. Like this:
> deb12dell.localdomain. 60 IN A 192.168.65.180
> 180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
> deb12dell.localdomain. 60 IN A 192.168.65.180
>
> And the above two examples just do not "feel" right.
>
> So my question is:
> - should there only be one A Record per device?
> - or maybe only one PTR Record per device?
>
> I’ve searched Giggle and I looked through the mailing list but did not find an answer.
>
> ===
>
> • Concerning TTL
> If I send A & PTR records to unbound via `unbound-control local_data` and I do NOT include the TTL value. Then I list the records via `unbound-control list_local_data` and the new records show up with a default TTL value of 3600.
>
> I tried adding all of these items, separately, to unbound.conf to see if I can set the default TTL but none work.
>
> server:
> # cache TTL settings
> cache-max-ttl:
> cache-min-ttl:
> cache-max-negative-ttl:
> infra-host-ttl:
>
> How do I set the default TTL for A records and PTR records within unbound.conf??
>
> Best regards, Jon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20240109/638b0aa0/attachment-0001.htm>
More information about the Unbound-users
mailing list