On Wed, Sep 22, 2021 at 11:15 AM Andy Smith <[email protected]> wrote:
> Hi Joel, > > On Wed, Sep 22, 2021 at 10:12:26AM -0400, Joel Sommers wrote: > > Besides the common "reserved" keyword in the FQDN, we also see > > names like "not-in-use.example.tld", again with quite a few > > addresses all mapped to that one name. > > I assume you are seeing this by resolving the reverse DNS of each IP > address in the range. > > > The naming appears to suggest that this is an on-the-cheap IP > > address management practice, but we are wondering if there are > > other operational reasons that might be behind what we observe. > > The purpose is generally informational, for those without access to > the internal address management system (or quick hint to those who > do have access). > > If one sees traffic from such an IP address and then sees it > being marked as reserved or not in use, then one knows that > something is up, either with the presence of the traffic or the lack > of an update to the reverse mapping. If there had been simply no > reverse mapping then this information would not have been conveyed. > > It doesn't imply a lack of an address management system or an > attempt to use DNS to manage "on the cheap" - though it doesn't > exclude those possibilities either. > Yup. Some IPAM tools will generate / populate zone files with this sort of thing for you. This sort of thing used to be more common when people would use things like "101.92.140.39.dynamic.isp.com" or "cable-78-109-33-05.provider.net" to signal that the address was in use by dynamic customer (and so shouldn't be sending mail directly), "reserved-10.10.10.100.example.com" (or 'unused' or whatever) to signal that it isn't in use (and so shouldn't be sending mail at all), and "mx-17.exmaple.net" to signal that it is a "real" mailserver. I suspect that the "on the cheap" is more places that don't have working reverse DNS at all.... W > Thanks, > Andy > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
