On Fri 05/Apr/2024 14:41:01 +0200 Michele Neylon - Blacknight via anti-abuse-wg wrote:
Have you asked them to setup PTR records?
I did so for IPv4. They're unable to delegate but can set PTRs. For IPv6, they don't have delegation for their own range, so cannot possibly resolve mine.
We usually do it for our clients, so I’ve no idea how others handle it
Why can't users of a given range set up their own delegation? I know it should be hierarchical, but in case RIPE did not delegate anything (found SOA 0.a.2.ip6.arpa. dns.ripe.net) couldn't they delegate directly after proof of "ownership"? Best Ale
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Alessandro Vesely <vesely@tana.it> Date: Friday, 5 April 2024 at 13:01 To: anti-abuse-wg <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] Reverse DNS delegations [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
Hi all,
what's the policy for reverse delegation? My provider assigned me a 2a02:29e1:500:6c00::/56. Great. However they didn't delegate reverse DNS. Indeed, their own 2a02:29e1::/32 has no delegations:
; <<>> DiG 9.18.24-1-Debian <<>> 1.e.9.2.2.0.a.2.ip6.arpa ns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19800 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: cad8ae482b0e559c01000000660fe49763aa815e05fda159 (good) ;; QUESTION SECTION: ;1.e.9.2.2.0.a.2.ip6.arpa. IN NS
;; AUTHORITY SECTION: 0.a.2.ip6.arpa. 3600 IN SOA pri.authdns.ripe.net. dns.ripe.net. 1712314758 3600 600 864000 3600
Now there are mail servers which reject mail if they don't find a matching PTR:
<<< 554 resimta-c2p-559421.sys.comcast.net resimta-c2p-559421.sys.comcast.net 2a02:29e1:500:6c00::4 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: https://postmaster.comcast.net/smtp-error-codes.php#554
Why isn't it possible to gain a delegation by proving number assignment?
Best Ale --
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg