Ok, one last message. This removes some apparent confusion between
"reverse DNS abuse" and the current Verisign complaints.
The people who have "problems with Verisign" expect to do a forward lookup
on a domain name, and if they don't get NXDOMAIN, they want to do a
reverse lookup on the address, and if they match, they assume that the
sender is not a spammer. This is known as reverse DNS abuse, or reverse
DNS test. Of course, it never worked. But people believe with religious
fervor that it does.
These people are upset because now the unregistered .com and .net domains
don't return NXDOMAIN, but give the address of Verisign. The next step in
their "test" will check the reverse address of Verisign, and find it to
match. Thus, they are upset that their "test" doesn't work. It didn't
work to begin with.
The premises on which this "test" was based, are false, and have always
been false. The DNS working groups have discussed the issue, and have
considered removing Reverse DNS because of these abuses due to a long and
well documented history of harms due to this abuse, and the comparatively
small positive value of Reverse DNS in proper usage. IPv6 has host
identification facilities which replace Reverse DNS. I think that Reverse
is presently broken in IPv6 due to recent changes in IPv6 work. I forget
if it has been fixed. It seems likely that IPv6 won't have reverse DNS,
so if we ever get it deployed, the problem will go away.
But, obviously, you are unfamiliar with the history of the problem, which
is why you don't recognize the "reverse DNS abuse" and what the term
signifies. I should have realized that earlier.
--Dean
On Wed, 24 Sep 2003, Laird, James wrote:
> Dean wrote:
> >It is you who is struggling in vain. You and the rest of the reverse DNS
> >abusers are confused.
>
> REVERSE DNS? Abusers? Give me a break.
>
> Looking up an IP (or getting an NXDOMAIN) from a domain name is FORWARD dns.
> Where's the reverse? (Where's the abuse?)
