Re: [Exim] Reverse Mappings

Góra strony
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
Dla: exim-users
Temat: Re: [Exim] Reverse Mappings
On 2002-02-05 at 23:50 -0500, dman wrote:
[ dynamic DNS service ]
>                                     They don't support rDNS though.  I
> don't think I can say it is their fault either since what would happen
> if a given IP reverse-looked-up to two different names?


Uhm, how about "because there's no delegation to them"?

They control the DNS for ddts.net. That's because ICANN's allowed
opensrs.net to add records for ddts.net, saying which servers are
authoritative. They can easily control forward DNS, since anything
wanting a record for FOO.ddts.net will be asking either ns0.ddts.net or
ns1.ddts.net for the value.

Your dynamic DNS provider is extremely unlikely to have any control over
the reverse DNS. For instance at the current time dman.ddts.net has an
A record of "64.213.114.152". (It's dynamic, there's no real privacy
breach posting that here, since you've provided the hostname and anyone
else could look that up too).

So someone wanting the reverse DNS will follow the same kind of
delegation chain, but will ask for 152.114.213.64.in-addr.arpa. They'll
ask the root-servers, and be pointed to the name-servers for
64.in-addr.arpa. Then one of those will say that there are two gblx.net
nameservers handling 213.64.in-addr.arpa. And one of those will say
that one of two frontiernet.net nameservers handle anything under
114.213.64.in-addr.arpa. And those will say "yes, that's in my zone of
authority, and here, have "64-213-114-152.roc.frontiernet.net" as the
PTR value.

At no point in that chain is there anywhere for a dynamic DNS provider
to step in, _unless_ they control one of the DNS servers in question, or
have co-operation from one of them. So frontiernet.net could provide
dynamic DNS updates for the reverse. Sure.

Take a business case to your ISP, asking them to provide dynamic reverse
DNS. Or try to persuade the admin of every other connected system on
the Internet (which you care about) to use a trojaned^Wdifferent set of
name-server roots. *cough*new.net*cough*
--
If at first you DO succeed, try not to look astonished!