A records, PTR records, and TTL setting

Gavin McCullagh gmccullagh at gmail.com
Wed Dec 27 06:45:44 UTC 2023


Hi,

I think you may want to think about this from a slightly different angle.
Rather than "what entries should my device have in DNS?", you might want
instead to ask:

* "by what name(s) do I want other hosts to be able to connect to this
device?" (A records)
* "When other hosts see connections from this device, if they try to look
up the name of that IP, what name should they see?" (PTR records)

> should there only be one A Record per device?

An A record maps a name to one or more IPs.  If/When a client looks up
"deb12dell.localdomain", they are probably connecting to it.  Why would
they connect to this name and what IP do you want them to connect to?  If
you really want them to get back two IPs and to choose one (probably
somewhat randomly, but it's they who decide), then two A records make
sense.  For a single device, that's a pretty unusual choice.

For a website name like www.foo.com with many redundant servers and IPs,
it's pretty common to put multiple IPs behind a single name and let the
clients choose.  It allows a form of load balancing and even allows some
clever clients to retry if the first IP they try fails quickly.

In your case, I would probably only create an A record for the wired
connection, on the assumption I don't want anyone connecting via the
wireless connection which is typically slower and less reliable.  If I want
to explicitly be able to connect via the wireless connection, I would
probably make up a second name.  If the answer depends on what network the
client is connecting from or some other information, things get
complicated.

> or maybe only one PTR Record per device?

A PTR record maps an IP to a domain name.  If a device or system
administrator sees a connection from 192.168.60.175 (perhaps in their log
files) and looks up DNS to find out the name of that device, what name do
you want them to see?

In your case, I would say it's reasonable and probably helpful to create a
PTR for each IP address.  The names you return could be the same for both
or you could make up names that specify the interface if you like.  If you
do that, you probably want to make A records that correspond to each name
you show in a PTR.  There's no rule that a single device only gets one
domain name in DNS - even if a device typically has one canonical name.


> How do I set the default TTL for A records and PTR records within
unbound.conf??

I don't see an obvious config option here at a quick scan (searching for
the 3600 default).

https://nlnetlabs.nl/documentation/unbound/unbound.conf/

The settings you have tried are directives on what ttl unbound may force
when caching answers it receives from other upstream nameservers.

Unbound is not traditionally an authoritative DNS server (one that stores
answers).  It is a resolver (one that finds answers on behalf of clients
and caches them temporarily).  You can use it as an authoritative server
for your local network, as you are, but that's not really the primary use
case of unbound.

Gavin






On Fri, Dec 22, 2023, 8:18 AM Jon Murphy via Unbound-users <
unbound-users at lists.nlnetlabs.nl> wrote:

> Hello!  Newbie here and I am looking for help with A records and PTR
> records.  I just started learning unbound and came across things that
> confuse me.  I am experimenting with unbound Version 1.18.0.  My unbound is
> for a local network.
>
>
> I have one device that has two network interfaces (ethernet and Wi-Fi).
>
> I added this Ethernet to unbound:
>   deb12dell.localdomain. 60 IN A 192.168.60.175
>   175.60.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
> For the 2nd network interface on "deb12dell" I added two more lines.  And
> yes, all seems fine!
>   deb12dell.localdomain. 60 IN A 192.168.65.180
>   180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
> then...
>
> I read somewhere that I should only have one A record per device (with
> multiple interfaces).  Like this:
>   deb12dell.localdomain. 60 IN A 192.168.60.175
>   175.60.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>   180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>
>
> And I read somewhere else I should only have one PTR record per device.
> Like this:
>   deb12dell.localdomain. 60 IN A 192.168.65.180
>   180.65.168.192.in-addr.arpa. 60 IN PTR deb12dell.localdomain.
>   deb12dell.localdomain. 60 IN A 192.168.65.180
>
> And the above two examples just do not "feel" right.
>
> So my question is:
> - should there only be one A Record per device?
> - or maybe only one PTR Record per device?
>
> I’ve searched Giggle and I looked through the mailing list but did not
> find an answer.
>
> ===
>
> • Concerning TTL
> If I send A & PTR records to unbound via `unbound-control local_data` and
> I do NOT include the TTL value.  Then I list the records via
> `unbound-control list_local_data` and the new records show up with a
> default TTL value of 3600.
>
> I tried adding all of these items, separately, to unbound.conf to see if I
> can set the default TTL but none work.
>
>  server:
>    # cache TTL settings
>    cache-max-ttl:
>    cache-min-ttl:
>    cache-max-negative-ttl:
>    infra-host-ttl:
>
> How do I set the default TTL for A records and PTR records within
> unbound.conf??
>
> Best regards,  Jon
>
>
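The layout the reply suggests (one forward name per interface, one PTR per address pointing back at that name, and the TTL written into every record because no config-wide default for local-data TTL was found), as an added example in Python that is not part of the thread or of the unbound project. The addresses and the TTL of 60 are the original poster's; the name deb12dell-wifi.localdomain for the Wi-Fi side is made up here. The script renders the same record strings both as unbound.conf local-data lines and as unbound-control local_data commands, and includes the check a practitioner would want before trusting reverse-resolved names in logs: that every PTR target resolves forward to the PTR's own address (forward-confirmed reverse DNS).

```python
"""Generate and sanity-check unbound local-data for a multi-homed host.

Added example; not code from the unbound project or from the mailing-list
thread.  Assumes one forward name per interface (deb12dell-wifi.localdomain
is a made-up name) and uses the TTL 60 from the original post.
"""
import ipaddress

# TTL unbound assigns to local_data entries that carry none, as observed
# by the original poster with `unbound-control list_local_data`.
UNBOUND_DEFAULT_LOCAL_TTL = 3600


def fqdn(name):
    """Ensure the name is fully qualified (trailing dot), as unbound expects."""
    return name if name.endswith(".") else name + "."


def reverse_name(ip):
    """PTR owner name for an IPv4/IPv6 address, e.g. 175.60.168.192.in-addr.arpa."""
    return ipaddress.ip_address(str(ip)).reverse_pointer + "."


def address_from_reverse(rname):
    """Inverse of reverse_name(): turn a PTR owner name back into an address."""
    labels = rname.rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        return ipaddress.ip_address(".".join(reversed(labels[:-2])))
    if labels[-2:] == ["ip6", "arpa"]:
        hexstr = "".join(reversed(labels[:-2]))  # 32 nibbles
        return ipaddress.ip_address(":".join(hexstr[i:i + 4] for i in range(0, 32, 4)))
    raise ValueError("not a reverse name: " + rname)


def host_records(interfaces, ttl):
    """One forward record per (name, ip) and exactly one PTR per ip.

    The TTL is written into every record: unbound.conf has no option for a
    default local-data TTL, so an omitted TTL silently becomes 3600.
    """
    rrs, seen = [], set()
    for name, ip in interfaces:
        addr = ipaddress.ip_address(ip)
        if addr in seen:
            raise ValueError(f"{ip} listed twice; an address should have one PTR")
        seen.add(addr)
        rtype = "A" if addr.version == 4 else "AAAA"
        rrs.append(f"{fqdn(name)} {ttl} IN {rtype} {addr}")
        rrs.append(f"{reverse_name(addr)} {ttl} IN PTR {fqdn(name)}")
    return rrs


def parse_rr(rr):
    """Split 'owner ttl IN type rdata' into its fields."""
    owner, ttl, _cls, rtype, rdata = rr.split()
    return owner, int(ttl), rtype, rdata


def fcrdns_failures(rrs):
    """Return (ptr_owner, target) pairs whose target does not map back to the address.

    A name learned from a reverse lookup of a client IP should only be
    trusted when a forward lookup of that name returns the same IP.
    """
    forward = {}
    for owner, _ttl, rtype, rdata in map(parse_rr, rrs):
        if rtype in ("A", "AAAA"):
            forward.setdefault(owner, set()).add(ipaddress.ip_address(rdata))
    failures = []
    for owner, _ttl, rtype, rdata in map(parse_rr, rrs):
        if rtype == "PTR" and address_from_reverse(owner) not in forward.get(rdata, set()):
            failures.append((owner, rdata))
    return failures


def unbound_conf_lines(rrs):
    """Render the records as entries for the server: clause of unbound.conf."""
    return ['local-data: "%s"' % rr for rr in rrs]


def unbound_control_cmds(rrs):
    """Render the records as runtime additions (not persisted across a restart)."""
    return ["unbound-control local_data " + rr for rr in rrs]


if __name__ == "__main__":
    # Constructed input: the wired address from the thread and a made-up
    # separate name for the Wi-Fi address so clients can pick the interface.
    IFACES = [("deb12dell.localdomain", "192.168.60.175"),
              ("deb12dell-wifi.localdomain", "192.168.65.180")]
    rrs = host_records(IFACES, ttl=60)
    print("server:")
    for line in unbound_conf_lines(rrs):
        print("    " + line)
    print()
    print("\n".join(unbound_control_cmds(rrs)))
    print("FCrDNS failures:", fcrdns_failures(rrs))
```

Paste the generated local-data lines into unbound.conf and run unbound-checkconf before reloading; records added with unbound-control local_data live only in the running daemon. Feeding the poster's "one A record, two PTRs" variant to fcrdns_failures() flags the second PTR, since 192.168.65.180 then points at a name that only resolves to 192.168.60.175.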