Re: Reverse DNS for eyeballs?
> I would say the absence of reverse DNS tells useful info to receiving
> MTAs - to preferably not accept.

yep
Re: Reverse DNS for eyeballs?
On 22/04/2023 16:00, nanog-requ...@nanog.org wrote:
[...]
[..] Really, reverse DNS these days is mostly only useful for:

- mail servers (where it shows a modicum of control and clue)
- infrastructure/router IPs (so mtr/traceroute can show useful info)
- Peers in an Internet eXchange Point (a subset of the previous bullet point)

--
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
Re: Reverse DNS for eyeballs?
On Fri, 21 Apr 2023 at 20:44, Jason Healy via NANOG wrote:

> This is not intended as snark: what do people recommend for IPv6? I try to
> maintain forward/reverse for all my server/infrastructure equipment. But
> clients? They're making up temporary addresses all day long. So far, I've
> given up on trying to keep track of those addresses, even though it's a
> network under my direct control.

Stateless generation at query time - https://github.com/cmouse/pdns-v6-autorev/blob/master/rev.pl

I wrote some POCs quite a long time ago:
http://p.ip.fi/L5PK - base36
http://p.ip.fi/CAtB - rfc2289

--
++ytti
Re: Reverse DNS for eyeballs?
We actually manually list our customer ranges in pbl, or at least used to. Probably something else that I need to check on.

On Fri, Apr 21, 2023, 8:04 AM Lukas Tribus wrote:

> Hello,
>
> without PTRs you will probably get your prefixes listed in things like
> Spamhaus PBL. So adding the correct PTR for a mailserver may not be
> enough, as services like that love to classify entire IP blocks. Of
> course Spamhaus provides the tools to fix this issue. But what if
> there are 4 - 5 other services like that? Do you want to go down that
> rabbit hole, every time you turn up a mailserver in your prefix?
>
> I also think reverse DNS records are useful when you have discussions
> with content providers for all sorts of reasons like geolocation
> issues or "VPN" classifications.
>
> Of course whois/irr records are the proper tools for this. But if I
> have to discuss my IP ranges with some first level support desk at a
> large content provider, everything that stands out negatively will
> impact my chances of actually getting it done and how fast it will get
> done.
>
> Considering how subjective IP classifications are, I will not return
> NXDOMAIN for v4 addresses if there is even a small chance that it will
> make my life harder at some point in the future.
>
> Lukas
Re: Reverse DNS for eyeballs?
Once upon a time, heasley said:

> I view complete DNS coverage to be a basic function. All used addresses
> should have forward and matching reverse records.

But why? It's not like anybody can trust what's in a reverse DNS string, even if it has matching forward. If I'm looking for "ownership", I'm going to registries, not DNS. Since it can't be guaranteed (or even flagged as) maintained, you can't trust any information in that string.

--
Chris Adams
Re: Reverse DNS for eyeballs?
> I view complete DNS coverage to be a basic function. All used addresses
> should have forward and matching reverse records.

This is not intended as snark: what do people recommend for IPv6? I try to maintain forward/reverse for all my server/infrastructure equipment. But clients? They're making up temporary addresses all day long. So far, I've given up on trying to keep track of those addresses, even though it's a network under my direct control.

Thanks,
Jason
Re: Reverse DNS for eyeballs?
Fri, Apr 21, 2023 at 07:37:49AM -0500, Chris Adams:

> Once upon a time, Forrest Christian (List Account) said:
> > I have a feeling that I might be stepping into a can of worms by asking
> > this, but..
> >
> > What's the current thinking around reverse DNS on IPs used by typical
> > residential/ small business customers.
>
> I don't see any benefit to programmatically-generated reverse DNS. I
> stopped setting it up a long time ago now. Really, reverse DNS these
> days is mostly only useful for:
>
> - mail servers (where it shows a modicum of control and clue)
> - infrastructure/router IPs (so mtr/traceroute can show useful info)

I view complete DNS coverage to be a basic function. All used addresses should have forward and matching reverse records. This is not difficult stuff.

Bonus points for including a clli code or similar indicating the general location of use for uses like network device interfaces, commodity end-users, etc; also not difficult stuff.

You are tracking your allocations, right? Programmatically generating your device configurations? So, generate DNS from that same database(s).
Re: Reverse DNS for eyeballs?
Hello,

without PTRs you will probably get your prefixes listed in things like Spamhaus PBL. So adding the correct PTR for a mailserver may not be enough, as services like that love to classify entire IP blocks. Of course Spamhaus provides the tools to fix this issue. But what if there are 4 - 5 other services like that? Do you want to go down that rabbit hole, every time you turn up a mailserver in your prefix?

I also think reverse DNS records are useful when you have discussions with content providers for all sorts of reasons like geolocation issues or "VPN" classifications.

Of course whois/irr records are the proper tools for this. But if I have to discuss my IP ranges with some first level support desk at a large content provider, everything that stands out negatively will impact my chances of actually getting it done and how fast it will get done.

Considering how subjective IP classifications are, I will not return NXDOMAIN for v4 addresses if there is even a small chance that it will make my life harder at some point in the future.

Lukas
Re: Reverse DNS for eyeballs?
On 4/21/23 14:37, Chris Adams wrote:

> I don't see any benefit to programmatically-generated reverse DNS. I
> stopped setting it up a long time ago now. Really, reverse DNS these
> days is mostly only useful for:
>
> - mail servers (where it shows a modicum of control and clue)
> - infrastructure/router IPs (so mtr/traceroute can show useful info)

Agreed.

Mark.
Re: Reverse DNS for eyeballs?
On 4/21/23 15:02, Frank Habicht wrote:

> I would say the absence of reverse DNS tells useful info to receiving
> MTAs - to preferably not accept.

As does a randomly-generated one...

Mark.
Re: Reverse DNS for eyeballs?
On Fri, Apr 21, 2023 at 5:40 AM Chris Adams wrote:

> Once upon a time, Forrest Christian (List Account) said:
> > I have a feeling that I might be stepping into a can of worms by asking
> > this, but..
> >
> > What's the current thinking around reverse DNS on IPs used by typical
> > residential/ small business customers.
>
> I don't see any benefit to programmatically-generated reverse DNS. I
> stopped setting it up a long time ago now. Really, reverse DNS these
> days is mostly only useful for:
>
> - mail servers (where it shows a modicum of control and clue)
> - infrastructure/router IPs (so mtr/traceroute can show useful info)

Same

> --
> Chris Adams
Re: Reverse DNS for eyeballs?
On 21/04/2023 15:37, Chris Adams wrote:

> I don't see any benefit to programmatically-generated reverse DNS. I
> stopped setting it up a long time ago now. Really, reverse DNS these
> days is mostly only useful for:
>
> - mail servers (where it shows a modicum of control and clue)
> - infrastructure/router IPs (so mtr/traceroute can show useful info)

I would say the absence of reverse DNS tells useful info to receiving MTAs - to preferably not accept.

Frank
Re: Reverse DNS for eyeballs?
Once upon a time, Forrest Christian (List Account) said:

> I have a feeling that I might be stepping into a can of worms by asking
> this, but..
>
> What's the current thinking around reverse DNS on IPs used by typical
> residential/ small business customers.

I don't see any benefit to programmatically-generated reverse DNS. I stopped setting it up a long time ago now. Really, reverse DNS these days is mostly only useful for:

- mail servers (where it shows a modicum of control and clue)
- infrastructure/router IPs (so mtr/traceroute can show useful info)

--
Chris Adams
Re: Reverse DNS for eyeballs?
> On Apr 21, 2023, at 11:38 AM, Forrest Christian (List Account) wrote:
> What's the current thinking around reverse DNS on IPs used by typical
> residential/ small business customers?
> I'm not talking about reverse dns for infrastructure/router IPs here, as I
> still feel those need to be kept up to date. This is just for the individual
> end user IPs.

I think it’s really useful… but as IPv4 becomes a thing of the past, it probably needs to be supplied dynamically by a plug-in to your nameserver, rather than in giant static tables.

-Bill
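
The stateless, query-time generation that ytti and Bill describe above, as an added example that is not part of any list message and is not the code of pdns-v6-autorev: the PTR name is computed from the queried address (host bits in base36) and the AAAA answer is decoded from that name, so forward and reverse match without any stored records. The prefix, zone name and `h-` label are constructed for illustration.

```python
import ipaddress

# Constructed values (not from the thread): prefix, zone name and "h-" label.
PREFIX = ipaddress.ip_network("2001:db8:100::/48")
ZONE = "dyn.example.net."
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"
HOST_BITS = 128 - PREFIX.prefixlen

def b36encode(n):
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = ALPHABET[r] + out
        if n == 0:
            return out

def ptr_qname_to_addr(qname):
    """Parse a full nibble-format ip6.arpa name into an IPv6Address."""
    labels = qname.lower().rstrip(".").split(".")
    nibbles = labels[:-2]
    if labels[-2:] != ["ip6", "arpa"] or len(nibbles) != 32:
        raise ValueError("not a full ip6.arpa PTR name")
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("bad nibble label")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname):
    """PTR answer computed from the queried address; None means NXDOMAIN."""
    addr = ptr_qname_to_addr(qname)
    if addr not in PREFIX:
        return None
    host = int(addr) & ((1 << HOST_BITS) - 1)
    return "h-" + b36encode(host) + "." + ZONE

def synth_aaaa(qname):
    """AAAA answer decoded from the label, so forward and reverse match."""
    name = qname.lower()
    if not (name.startswith("h-") and name.endswith("." + ZONE)):
        return None
    label = name[2:-(len(ZONE) + 1)]
    if not label or any(c not in ALPHABET for c in label):
        return None
    host = int(label, 36)
    # Reject out-of-range and non-canonical labels (e.g. leading zeros) so
    # each address has exactly one name.
    if host >= 1 << HOST_BITS or b36encode(host) != label:
        return None
    return ipaddress.IPv6Address(int(PREFIX.network_address) + host)
```

A receiver doing a forward-confirmed reverse lookup against such a zone always gets a match, which tells it the operator controls both zones and nothing about the host behind the address.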