Matching forward and reverse DNS for DSL pool addresses
Can anyone confirm whether DSL (and dial) providers are required to provide matching forward and reverse DNS for the address pools or is a wildcard in the reverse zones sufficient?

Regards
Brian Wilkinson
Brian,
> Can anyone confirm whether DSL (and dial) providers are required to provide matching forward and reverse DNS for the address pools or is a wildcard in the reverse zones sufficient?
from a DNS perspective there's no difference between dialup providers, large companies using static allocations or Joe User in his garage. However, apart from the fact that a 'requirement' to provide reverse mapping may be difficult to enforce, it is best practice that if it is present, it must be consistent with the forward entries. Otherwise a lot may break for people using that address space due to certain popular cross checks. See draft-ietf-dnsop-inaddr-required-05.txt (may be expired) for a discussion.

"Wildcards" nowadays will produce sort of allergic reaction all over the place. While you can of course apply them to PTR RRs in IN-ADDR.ARPA zones, they're likely to break consistency. In addition, in a namespace as structured as IN-ADDR.ARPA what's the advantage of '*' over some lines of perl script (or BIND's $GENERATE) and "doing it right"?

-Peter
On Tue, 2004-11-30 at 17:31 +0000, brian.wilkinson@bt.com wrote:
> Can anyone confirm whether DSL (and dial) providers are required to provide matching forward and reverse DNS for the address pools or is a wildcard in the reverse zones sufficient?
Afaik there is no political requirement. But I think your clients will be *VERY* happy when you do provide them with a matching forward and reverse. Ever tried ssh'ing into a server with a host which had a mismatching reverse!=forward? Also you will block your clients from using protocols like SMTP and some others that do forward=reverse checking, not even mentioning the various logging methods around the world. Note that for SMTP it is almost a real requirement as it aids a lot of people in debugging. Oh and don't forget that some people actually also use IRC...

If you intend on a 'wildcard' entry for a reverse, better not do any reverse at all... Generating a reverse is not that difficult, bind offers that nice $GENERATE option anyway. Though nicer is to use one of the various dictionary lists, which will make your clients a bit happier. The best for your clients of course is to allow them to change the reverses, which is seen as quite a value for a lot of customers.

Greets,
Jeroen
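
Added example, not part of any message in this thread: a small offline model of the forward=reverse cross check the replies mention, run over a pool whose PTR and A records are generated per address and over a pool covered by a single wildcard PTR. The pool 192.0.2.8/29, the names under isp.example, the dsl- naming scheme and the simplified wildcard lookup are all assumptions made for illustration.

```python
import ipaddress

def generate_pool(cidr, domain, prefix="dsl"):
    """Emit one PTR and one matching A entry per pool address (what a
    script or BIND's $GENERATE would produce). Naming scheme is assumed."""
    ptr, fwd = {}, {}
    for ip in ipaddress.ip_network(cidr):
        name = f"{prefix}-{str(ip).replace('.', '-')}.{domain}."
        ptr[ip.reverse_pointer + "."] = name
        fwd[name] = {str(ip)}
    return ptr, fwd

def lookup_ptr(ptr_zone, ip):
    """Exact owner name first, then a wildcard one label up.
    Simplified wildcard matching, enough for a flat /24 reverse zone."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    if owner in ptr_zone:
        return ptr_zone[owner]
    return ptr_zone.get("*." + owner.split(".", 1)[1])

def fcrdns_ok(ptr_zone, fwd_zone, ip):
    """The cross check: the PTR target must have an A record equal to ip."""
    name = lookup_ptr(ptr_zone, ip)
    return name is not None and ip in fwd_zone.get(name, set())

def mismatches(ptr_zone, fwd_zone, cidr):
    """Pool addresses that fail the forward-confirmed reverse check."""
    return [str(ip) for ip in ipaddress.ip_network(cidr)
            if not fcrdns_ok(ptr_zone, fwd_zone, str(ip))]

# Constructed sample data (documentation address range, made-up names).
POOL = "192.0.2.8/29"
WILD_PTR = {"*.2.0.192.in-addr.arpa.": "pool.isp.example."}
WILD_FWD = {"pool.isp.example.": {"192.0.2.8"}}

if __name__ == "__main__":
    ptr, fwd = generate_pool(POOL, "isp.example")
    print("generated:", mismatches(ptr, fwd, POOL))
    print("wildcard: ", mismatches(WILD_PTR, WILD_FWD, POOL))
```

In this constructed case the generated pool has no mismatches, while under the wildcard only the one address that the shared name's A record happens to list passes the check.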
participants (3): brian.wilkinson@bt.com, Jeroen Massar, Peter Koch