is reverse dns required? (policy question)

• Previous message (by thread): is reverse dns required? (policy question)
• Next message (by thread): is reverse dns required? (policy question)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andre Oppermann <nanog-list at nrg4u.com> [2004-12-03 11:04]:
> Mark Andrews wrote:
> >In article <41AF5C33.4050202 at nrg4u.com> you write:
> >>You would put in a global wildcard that says no smtp sender here.  Only
> >>for those boxes being legitimate SMTP to outside senders you'd put in a
> >>more specific record as shown above.  You probably have to enter some 
> >>dozen
> >>to one hundred servers this way.  Sure your reverse zone scripts need some
> >>changes but it's only two or three lines.
> >>
> >>Ideally you could tell your DNS server in the zone file this:
> >>
> >>_send._smtp._srv.*.*.173.128.in-addr.arpa.   IN TXT   "0"
> >>_send._smtp._srv.*.*.82.198.in-addr.arpa.   IN TXT   "0"
> >>
> >>being overidden by more specific information on single IP addresses.
> >
> >
> >	You obviouly do not know how wildcard work in the DNS or you
> >	would not have made this suggestion.  Please read RFC 1034
> >	and work though Section 4.3.2. Algorithm with a QNAME of
> >	_send._smtp._srv.1.1.173.128.in-addr.arpa.
> 
> The wildcards are in the DNS server zone file for interpretation by the
> DNS server itself.  It would not be published as such because that obviously
> wouldn't work as you prove.  But nothing is preventing BIND or whatever
> from taking this wildcard record and answering every request with the
> wildcard "_send._smtp._srv.*" RR if no more-specific exists.  This should
> be relatively straight forward to code.  Wouldn't want to touch the code
> base of BIND but for DJBDNS I could somewhat easily implement it.

eh?
no need to...

   Thus we propose expanding the reverse DNS tree with a subdomain with
   the well known name

       _srv

   This subdomain MAY be inserted at any level in the DNS tree for IPv4
   IN-ADDR.ARPA reverse zones.  For IPv6, to limit the number of DNS
   queries, _srv is only queried at the /128 (host), /64 (subnet) and /
   32 (site) level.  That way it can either provide information for a
   specific IP address or for a whole network block.  More specific
   information takes precedence over information found closer to the top
   of the tree.

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb at bsws.de - henning at openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

• Previous message (by thread): is reverse dns required? (policy question)
• Next message (by thread): is reverse dns required? (policy question)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]