nanog mailing list archives
Re: is reverse dns required? (policy question)
From: Henning Brauer <hb-nanog () bsws de>
Date: Sat, 4 Dec 2004 15:54:51 +0100
* Andre Oppermann <nanog-list () nrg4u com> [2004-12-03 11:04]:
Mark Andrews wrote:In article <41AF5C33.4050202 () nrg4u com> you write:You would put in a global wildcard that says no smtp sender here. Only for those boxes being legitimate SMTP to outside senders you'd put in a more specific record as shown above. You probably have to enter some dozen to one hundred servers this way. Sure your reverse zone scripts need some changes but it's only two or three lines. Ideally you could tell your DNS server in the zone file this: _send._smtp._srv.*.*.173.128.in-addr.arpa. IN TXT "0" _send._smtp._srv.*.*.82.198.in-addr.arpa. IN TXT "0" being overidden by more specific information on single IP addresses.You obviouly do not know how wildcard work in the DNS or you would not have made this suggestion. Please read RFC 1034 and work though Section 4.3.2. Algorithm with a QNAME of _send._smtp._srv.1.1.173.128.in-addr.arpa.The wildcards are in the DNS server zone file for interpretation by the DNS server itself. It would not be published as such because that obviously wouldn't work as you prove. But nothing is preventing BIND or whatever from taking this wildcard record and answering every request with the wildcard "_send._smtp._srv.*" RR if no more-specific exists. This should be relatively straight forward to code. Wouldn't want to touch the code base of BIND but for DJBDNS I could somewhat easily implement it.
eh?
no need to...
Thus we propose expanding the reverse DNS tree with a subdomain with
the well known name
_srv
This subdomain MAY be inserted at any level in the DNS tree for IPv4
IN-ADDR.ARPA reverse zones. For IPv6, to limit the number of DNS
queries, _srv is only queried at the /128 (host), /64 (subnet) and /
32 (site) level. That way it can either provide information for a
specific IP address or for a whole network block. More specific
information takes precedence over information found closer to the top
of the tree.
--
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
Current thread:
- Re: is reverse dns required? (policy question), (continued)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 01)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 01)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Mark Andrews (Dec 02)
- Re: is reverse dns required? (policy question) Douglas Otis (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 03)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Sam Hayes Merritt, III (Dec 01)