In message <121334192.111427.1297644483313.JavaMail.root@int-mailstore01>, "Larr y J. Blunk" writes: > > > ----- Original Message ----- > > It looks like one of nanog's outbound servers doesn't have a PTR > > record. > > > > Mark > > > > Received:from s0.nanog.org (207.75.116.162) by edge.atlasbiz.com > > (192.168.198.21 > > ) with Microsoft SMTP Server id 8.2.255.0; Sun, 13 Feb 2011 21:34:17 > > +0000 > > > > > > ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 207.75.116.162 > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29686 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > > > ;; QUESTION SECTION: > > ;162.116.75.207.in-addr.arpa. IN PTR > > > > ;; AUTHORITY SECTION: > > 116.75.207.in-addr.arpa. 10764 IN SOA dns.merit.net. ejd.merit.edu. > > 2011021202 28800 14400 2419200 14400 > > > > ;; Query time: 0 msec > > ;; SERVER: 127.0.0.1#53(127.0.0.1) > > ;; WHEN: Mon Feb 14 09:54:42 2011 > > ;; MSG SIZE rcvd: 107 > > > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: [email protected] > > > > > Oops, fixed. The machines were moved to a new a > subnet this morning and I was so preoccupied with remembering > to create the ip6.arpa PTR records that I completely forgot > the in-addr.arpa's. Bet that's a first. I suppose it's > progress to be thinking about v6 first and v4 second. > > > -Larry Blunk > Merit
It will be much better when the OS's just register themselves in the DNS. Humans shouldn't have to do this when a machine renumbers. Named can already authenticate PTR updates based on using TCP and the source address of the update. For A/AAAA records you setup a cryptographically strong authentication first. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected]
