REVERSE DNS Practices.

Steven Champeon schampeo at hesketh.com
Fri Mar 27 03:28:21 UTC 2009


on Fri, Mar 27, 2009 at 11:39:49AM +1030, Tom Wright wrote:
> On 27/03/2009, at 3:26 AM, Steven Champeon wrote:
>> Especially if they're spewing spam and viruses like a firehose.
>
> If you're talking about our net blocks, then
> please do drop me a line.  We're quite serious
> about minimising the spam sent from our network,
> and we'd be happy to investigate.

Thanks, but I think it's easy enough for you to rsync a copy of CBL or
other DNSBL zones and grepcidr through it for your own netblocks, so
I'll just continue as I am. I appreciate the offer, though, and don't
doubt the sincerity. I just don't have time to police your networks for
you, much less everyone else's.

>> Unfortunately, it's not. Even more unfortunately, we see more junk
>> from their generic statics than we do from their obvious dynamics.
>
> That seems about right.  We filter port 25 outbound from
> our dynamic ranges (by default).
> http://www.internode.on.net/support/faq/email/port_filtering/

How long have you been doing this? And do all of your statically
assigned internode.on.net PTRs contain the token 'static'? Or not? If
not, why not? In any case, do you provide custom PTRs for those who ask?
If so, why not provide them for /all/ customers with statics?

The hosts with 'padsl' tokens - are they all NAT/VPNs (Private Access
DSL, a la THUS) , or just "Personal ADSL"? Are your hosts with ppp
tokens dynamic, static, or a mixture? I see both types; hosts wstarting
with 'ppp' and containing a 'static' token, and others without.

Martin Barry mentioned 'LNS' as a big giveaway as to the sort of nodes
those are, and suggested that they're infrastructure devices which would
never send mail, yet in the past couple weeks we've seen connections
from the following hosts:

 ppp121-44-233-193.lns1.per1.internode.on.net
 ppp118-208-178-233.lns10.mel4.internode.on.net
 ppp224-33.lns3.syd7.internode.on.net
 ppp121-44-110-124.lns10.syd6.internode.on.net

So I guess they're not that sort of device. <shrug>

Under Technobabble on the Web page above, you specify which services are
usually static and which dynamic, making distinctions between Home,
SOHO, Corporate and so forth, but your naming doesn't reflect those
distinctions. (Think Road Runner, who uses res.rr.com for nearly all of
their home cable hookups, and biz.rr.com for their business cable).

Thanks for any assistance/clarification you can provide.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/




More information about the NANOG mailing list