nanog mailing list archives
Re: is reverse dns required? (policy question)
From: Andre Oppermann <nanog-list () nrg4u com>
Date: Fri, 03 Dec 2004 11:02:13 +0100
Mark Andrews wrote:
In article <41AF5C33.4050202 () nrg4u com> you write:You would put in a global wildcard that says no smtp sender here. Only for those boxes being legitimate SMTP to outside senders you'd put in a more specific record as shown above. You probably have to enter some dozen to one hundred servers this way. Sure your reverse zone scripts need some changes but it's only two or three lines. Ideally you could tell your DNS server in the zone file this: _send._smtp._srv.*.*.173.128.in-addr.arpa. IN TXT "0" _send._smtp._srv.*.*.82.198.in-addr.arpa. IN TXT "0" being overidden by more specific information on single IP addresses.You obviouly do not know how wildcard work in the DNS or you would not have made this suggestion. Please read RFC 1034 and work though Section 4.3.2. Algorithm with a QNAME of _send._smtp._srv.1.1.173.128.in-addr.arpa.
The wildcards are in the DNS server zone file for interpretation by the DNS server itself. It would not be published as such because that obviously wouldn't work as you prove. But nothing is preventing BIND or whatever from taking this wildcard record and answering every request with the wildcard "_send._smtp._srv.*" RR if no more-specific exists. This should be relatively straight forward to code. Wouldn't want to touch the code base of BIND but for DJBDNS I could somewhat easily implement it. -- Andre
Current thread:
- Re: is reverse dns required? (policy question), (continued)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 01)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 01)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Mark Andrews (Dec 02)
- Re: is reverse dns required? (policy question) Douglas Otis (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 03)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Sam Hayes Merritt, III (Dec 01)