From pk at TechFak.Uni-Bielefeld.DE Wed Dec 1 09:35:44 2004
From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch)
Date: Wed, 01 Dec 2004 09:35:44 +0100
Subject: [dns-wg] Matching forward and reverse DNS for DSL pool addresses
In-Reply-To: Your message of "Tue, 30 Nov 2004 17:31:27 GMT."
Message-ID: <200412010835.iB18Zi920259@zeder.TechFak.Uni-Bielefeld.DE>

Brian,

> Can anyone confirm whether DSL (and dial) providers are required to provide
> matching forward and reverse DNS for the address pools or is a wildcard in
> the reverse zones sufficient?

from a DNS perspective there's no difference between dialup providers,
large companies using static allocations or Joe User in his garage.
However, apart from the fact that a 'requirement' to provide reverse
mapping may be difficult to enforce, it is best practice that if it is
present, it must be consistent with the forward entries. Otherwise a lot
may break for people using that address space due to certain popular
cross checks. See draft-ietf-dnsop-inaddr-required-05.txt (may be
expired) for a discussion.

"Wildcards" nowadays will produce sort of allergic reaction all over the
place. While you can of course apply them to PTR RRs in IN-ADDR.ARPA
zones, they're likely to break consistency. In addition, in a namespace
as structured as IN-ADDR.ARPA what's the advantage of '*' over some
lines of perl script (or BIND's $GENERATE) and "doing it right"?

-Peter

From jeroen at unfix.org Wed Dec 1 09:36:01 2004
From: jeroen at unfix.org (Jeroen Massar)
Date: Wed, 01 Dec 2004 09:36:01 +0100
Subject: [dns-wg] Matching forward and reverse DNS for DSL pool addresses
In-Reply-To:
References:
Message-ID: <1101890161.4217.9.camel@firenze.zurich.ibm.com>

On Tue, 2004-11-30 at 17:31 +0000, brian.wilkinson at bt.com wrote:
> Can anyone confirm whether DSL (and dial) providers are required to
> provide matching forward and reverse DNS for the address pools or is
> a wildcard in the reverse zones sufficient?

Afaik there is no political requirement. But I think your clients will
be *VERY* happy when you do provide them with a matching forward and
reverse. Ever tried ssh'ing into a server with a host which had a
mismatching reverse!=forward? Also you will block your clients from
using protocols like SMTP and some others that do forward=reverse
checking, not even mentioning the various logging methods around the
world. Note that for SMTP it is almost a real requirement as it aids a
lot of people in debugging. Oh and don't forget that some people
actually also use IRC...

If you intend on a 'wildcard' entry for a reverse, better not do any
reverse at all...

Generating a reverse is not that difficult, bind offers that nice
$GENERATE option anyway. Though nicer is to use one of the various
dictionary lists, which will make your clients a bit happier. The best
for your clients of course is to allow them to change the reverses,
which is seen as quite a value for a lot of customers.

Greets,
 Jeroen

From jim at rfc1035.com Wed Dec 1 13:47:32 2004
From: jim at rfc1035.com (Jim Reid)
Date: Wed, 01 Dec 2004 12:47:32 +0000
Subject: [dns-wg] Matching forward and reverse DNS for DSL pool addresses
In-Reply-To: Message from of "Tue, 30 Nov 2004 17:31:27 GMT."
Message-ID: <28679.1101905252@gromit.rfc1035.com>

>>>>> "brian" == writes:

    brian> Can anyone confirm whether DSL (and dial) providers are
    brian> required to provide matching forward and reverse DNS for
    brian> the address pools or is a wildcard in the reverse zones
    brian> sufficient?

There's no requirement. Though your customers might appreciate it if
reverse lookups worked for the IP addresses. Sometimes applications
will make life difficult for hosts that don't have working reverse DNS.
For instance a client that initiates an SMTP connection may be
considered a spam source if there's no sensible answer to a reverse
lookup of the client's address.

And as Peter has said, wildcards are probably not a good idea for this
sort of thing. It could also break when the application does a forward
lookup of the name returned by a reverse lookup. The BSD r- protocols
-- which I hope nobody uses any more -- do this to decide if the client
is who they claim to be and therefore determine if the client is
trusted or not.

From brian.wilkinson at bt.com Wed Dec 1 14:24:47 2004
From: brian.wilkinson at bt.com (brian.wilkinson at bt.com)
Date: Wed, 1 Dec 2004 13:24:47 -0000
Subject: [dns-wg] Matching forward and reverse DNS for DSL pool addresses
Message-ID:

ok - Thanks to all that replied.

We already provide matching forward and reverse - I just wanted to
verify that it was definitely required as I am currently reviewing our
DNS management processes.

Regards
Brian

-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com]
Sent: Wednesday, December 01, 2004 12:48 PM
To: Wilkinson,BJ,Brian,XJG11 R
Cc: dns-wg at ripe.net
Subject: Re: [dns-wg] Matching forward and reverse DNS for DSL pool addresses

>>>>> "brian" == writes:

    brian> Can anyone confirm whether DSL (and dial) providers are
    brian> required to provide matching forward and reverse DNS for
    brian> the address pools or is a wildcard in the reverse zones
    brian> sufficient?

There's no requirement. Though your customers might appreciate it if
reverse lookups worked for the IP addresses. Sometimes applications
will make life difficult for hosts that don't have working reverse DNS.
For instance a client that initiates an SMTP connection may be
considered a spam source if there's no sensible answer to a reverse
lookup of the client's address.

And as Peter has said, wildcards are probably not a good idea for this
sort of thing.
It could also break when the application does a forward lookup of the
name returned by a reverse lookup. The BSD r- protocols -- which I hope
nobody uses any more -- do this to decide if the client is who they
claim to be and therefore determine if the client is trusted or not.

From k13 at nikhef.nl Tue Dec 21 14:44:13 2004
From: k13 at nikhef.nl (Rob Blokzijl)
Date: Tue, 21 Dec 2004 14:44:13 +0100 (MET)
Subject: [dns-wg] Announcement: Policy Development Process in RIPE
Message-ID:

To the RIPE Community,

later today I will publish a draft document that describes the policy
making process in RIPE.

It is draft, so your input is requested in order to come to a generally
accepted final document.

Logistics:

- deadline for comments on the first draft: 1 February 2005
- discussion takes place on ripe-list at ripe.net
- if you are not subscribed to ripe-list at ripe.net yet, go to
  http://www.ripe.net/mailman/listinfo/ripe-list#subscribers
- for any questions, don't hesitate to contact chair at ripe.net

As always, apologies for receiving multiple copies of this announcement.

Best regards,

Rob Blokzijl
RIPE Chairman

From randy at psg.com Tue Dec 21 18:05:57 2004
From: randy at psg.com (Randy Bush)
Date: Tue, 21 Dec 2004 12:05:57 -0500
Subject: [dns-wg] Re: [eix-wg] Announcement: Policy Development Process in RIPE
References:
Message-ID: <16840.22517.647024.632059@roam.psg.com>

> later today I will publish a draft document that describes the policy
> making process in RIPE.

this is the product of the small working group on the subject?

randy
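
Added example, not part of any message in this archive: the forward/reverse cross-check discussed in the "Matching forward and reverse DNS for DSL pool addresses" thread above, run offline over constructed zone data for per-address records, a wildcard PTR and no reverse at all. The pool 192.0.2.8/29, the pool.example.net names and all function names are assumptions for illustration, and the wildcard lookup is a simplified model of what a resolver would return.

```python
import ipaddress

def generate_pool(network, name_fmt):
    """Build one PTR plus one matching A record per pool address,
    the per-address output a $GENERATE line or short script would produce."""
    ptr_zone, a_zone = {}, {}
    for ip in ipaddress.ip_network(network).hosts():
        name = name_fmt.format(*str(ip).split("."))
        ptr_zone[ip.reverse_pointer] = name          # 9.2.0.192.in-addr.arpa -> name
        a_zone.setdefault(name, set()).add(str(ip))  # name -> address
    return ptr_zone, a_zone

def lookup_ptr(ptr_zone, ip):
    """Exact owner name first, else a wildcard one label up (simplified model)."""
    owner = ipaddress.ip_address(ip).reverse_pointer
    if owner in ptr_zone:
        return ptr_zone[owner]
    return ptr_zone.get("*." + owner.split(".", 1)[1])

def cross_check(ptr_zone, a_zone, ip):
    """Reverse lookup, then forward lookup of the returned name."""
    name = lookup_ptr(ptr_zone, ip)
    if name is None:
        return "no-ptr"
    return "match" if ip in a_zone.get(name, set()) else "mismatch"

def audit(ptr_zone, a_zone, network):
    """Cross-check every pool address; return {status: [addresses]}."""
    report = {}
    for ip in ipaddress.ip_network(network).hosts():
        report.setdefault(cross_check(ptr_zone, a_zone, str(ip)), []).append(str(ip))
    return report

POOL = "192.0.2.8/29"  # constructed sample pool (documentation prefix)

# Per-address records: every address maps to a name that maps back to it.
GEN_PTR, GEN_A = generate_pool(POOL, "dsl-{0}-{1}-{2}-{3}.pool.example.net")

# Wildcard PTR: every address answers with one name, which here does not map back.
WILD_PTR = {"*.2.0.192.in-addr.arpa": "dsl.pool.example.net"}
WILD_A = {"dsl.pool.example.net": {"192.0.2.1"}}

if __name__ == "__main__":
    print("generated: ", audit(GEN_PTR, GEN_A, POOL))
    print("wildcard:  ", audit(WILD_PTR, WILD_A, POOL))
    print("no reverse:", audit({}, {}, POOL))
```

The three audits separate the cases the thread distinguishes: consistent records, a wildcard that yields a reverse name the forward zone does not confirm, and an absent reverse.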