Reverse DNS RFCs and Recommendations

Masataka Ohta mohta at
Sat Nov 2 12:39:41 UTC 2013

Sander Steffann wrote:

> Hi,


>> Even if the CPE does so, which means there is no NAT, the key to
>> update rDNS must, naturally, be contained only in DHCP reply to the
>> CPE.
> You are misunderstanding the technology. Many cable operators offer a
> cable modem in bridged mode so that the customer can attach his own
> home-router behind it.

The situation is no different from:

>> If you mind wire tapping, you have other things to worry
>> about, which needs your access line encrypted (by a manually
>> configured password), which makes DHCP packets invisible.

Though some ISPs do not operate their network very securely,
you can't have better security than that offered by your local

Also remember that this thread is on secure rDNS by the ISP,
which means you can't expect the ISP operate rDNS very securely
even though the ISP operate rest of networking not very securely.

					Masataka Ohta

More information about the NANOG mailing list