NANOG list reverse DNS handling

Mike Lewinski mike at rockynet.com
Sat Apr 3 21:02:54 UTC 2004


Iljitsch van Beijnum wrote:

> There is also a link to a DNS checking tool. However, this tool is 
> pretty much useless in situations such as the one in which I found 
> myself, as it doesn't answer the real question: what is the TTL for the 
> offending DNS information.

You should have the answer to that (more or less, at least the upper 
bound) as it is set by you in your zone.

Now, if you want to know how much of the TTL remains with respect to 
merit.edu accepting mail, you need to know what resolvers the mail server 
is using, and can then query thusly:

$ dig ptr 1.65.149.83.in-addr.arpa @dns.merit.net | grep ^1
1.65.149.83.in-addr.arpa. 86400 IN      PTR     sequoia.muada.com.

(I see that dns.merit.net is the next IP above mail.merit.net which is 
the only MX RR for merit.edu, although that's really still just a guess 
as to the resolver it uses)

A second query reveals that the TTL on this record has decreased by a 
few seconds. Since your .arpa zone ttl seems to be at one day, it isn't 
likely that dns.merit.edu is the resolver for mail.merit.edu (or else it 
has since expired from cache):

$ dig ptr 1.65.149.83.in-addr.arpa @dns.merit.net | grep ^1
1.65.149.83.in-addr.arpa. 86398 IN      PTR     sequoia.muada.com.

Note that this doesn't work if the resolver has an ACL applied that 
restricts who can do resolution on it and you don't fall within that 
ACL. But the bigger hurdle here is really figuring out what the resolver 
mail.merit.edu uses, since it's most likely open. A check of all the 
auth DNS servers for merit.edu reveals no evidence of caching for this 
particular record.
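
The two-query TTL comparison described above, as an added example that is not part of the original post: it parses dig answer lines and reports whether the record was already cached before the first query and how much TTL remains. The function names, the 2-second gap between the post's two queries, and the samples marked constructed are assumptions.

```python
import re
from dataclasses import dataclass

# dig answer-section line: owner name, TTL, class, type, rdata
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

@dataclass
class Answer:
    name: str
    ttl: int
    rtype: str
    rdata: str

def parse_answer(dig_output, rtype="PTR"):
    """Return the first record of `rtype` in dig output, or None if absent."""
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # header, question, comments
            continue
        m = RR_LINE.match(line)
        if m and m.group(3).upper() == rtype:
            return Answer(m.group(1), int(m.group(2)), m.group(3), m.group(4))
    return None

def classify(first, second, elapsed, zone_ttl, slack=1):
    """Interpret two answers taken `elapsed` seconds apart from one server."""
    if first is None or second is None:
        # Resolver ACL refused us, or the name does not resolve.
        return {"state": "no-answer"}
    drop = first.ttl - second.ttl
    if drop <= 0 or abs(drop - elapsed) > slack:
        # TTL is not ageing: authoritative answer, or no cached copy is held.
        return {"state": "not-counting-down"}
    age = zone_ttl - first.ttl  # seconds in cache before our first query
    state = "cached-by-our-query" if age <= slack else "cached-before-our-query"
    return {"state": state, "age": max(age, 0), "remaining": second.ttl}

# The two answers shown in the post (the 2 s gap is an assumption).
Q1 = "1.65.149.83.in-addr.arpa. 86400 IN      PTR     sequoia.muada.com."
Q2 = "1.65.149.83.in-addr.arpa. 86398 IN      PTR     sequoia.muada.com."
# Constructed: a resolver that was already holding the record.
C1 = "1.65.149.83.in-addr.arpa. 41000 IN      PTR     sequoia.muada.com."
C2 = "1.65.149.83.in-addr.arpa. 40990 IN      PTR     sequoia.muada.com."
# Constructed: dig output when the resolver's ACL refuses the query.
REFUSED = ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4660\n" \
          ";; QUESTION SECTION:\n;1.65.149.83.in-addr.arpa. IN PTR\n"

if __name__ == "__main__":
    print(classify(parse_answer(Q1), parse_answer(Q2), 2, 86400))
    print(classify(parse_answer(C1), parse_answer(C2), 10, 86400))
```

A first TTL equal to the zone TTL means the resolver only fetched the record because of the test query, which is the inference the post draws from the 86400 answer.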


