Is it bad to have the reverse DNS for two IPs point to the same domain name?

domain-name-system reverse-dns

If it is convenient for you as a temporary solution, it should be perfectly acceptable. I cannot think of many scenarios where having multiple PTR records with the same hostname will introduce any technical issues.

One potential scenario would be mail delivery on the new server. At least, if the forward lookup resolves to the old server. Fickle mail servers will bounce mail without hostnames/IPs being able to resolve both ways and match.

Outside of that, and I'm really trying, I can't think of any. If there's more, it's likely to be of limited scope like above.


If you have two IPs resolving to the same domain name, then you cannot have Forward Confirmed Reverse DNS (FCrDNS) for both, which is the check that many authentication schemes use (such as email servers when deciding whether to deliver your mail).

In order to get forward confirmed reverse DNS, an IP address must resolve to a hostname that resolves back that that IP address and only that IP address.

If your service is served by multiple servers on many IP addresses, you point them to something like sub01.example.com, sub02.example.com, and so on. Each one will still have working FCrDNS. You don't need the hostname for your PTR to match the public-facing hostname the user sees and in many typical cases you can't.


As long as you keep your A record pointing to one specific IP address (no round robin) this should not cause any problems.

Of course, the best practice is to always have 1 <-> 1 resolution to close the circle.

There's some thorough explanation at digitalpoint.com. The point is, it's RFC design goal, but the practical approach is - at times you don't even have access to some reverse entries (f.e. former ISP having stale records), and it shouldn't be a problem (assuming you only use 1 "live" address).

So in brief:

  • If you want your reverse DNS entry to "wait" for you when you migrate - it seems absolutely OK.
  • If you're using both servers at the same time for production - I'm not sure. Theoretically it's bad practice (see RFC 1912), but I don't think anything but mail would complain about it.

Related

Debugging slow transfer rate from server
Outgoing only SMTP server
Apache virtual host based on *source* IP
Linux / mysql: is it safe to copy mysql db files with cp command from one db to another?
Binary zone file on BIND9
How to configure a real domain name for sender address
Windows Domain replication monitoring tool
Giving access of a set of commands to a non-root user without sudo
Monitor a Windows Server using SNMP
Can I extract a specific folder using tar to another folder?
How to disable SSLCompression on Apache httpd 2.2.15? (Defense against CRIME/BEAST)
421 Misdirected Request