[svlug] Do I need reverse DNS?
james at linuxrebel.org
Mon Nov 14 19:52:46 PST 2005
On Mon, 2005-11-14 at 18:49 -0800, Rick Moen wrote:
> Quoting Skip Evans (skip at venomouspenguin.com):
> [Some site-checking CGI told you:]
> > Your Internet connection has no Reverse DNS
> > Could this be the problem I am having????
> Why should I worry about reverse DNS?
> Reverse DNS (rDNS) consists of mapping IP addresses into hostnames.
> While most Internet applications do not require rDNS to work, there are
> several reasons why defining rDNS in your network is highly desirable:
> * publishing rDNS allows people to associate quickly and easily your
> IP address with your domain name, and therefore it makes easier to
> report abuse from your IP address space to your abuse desk
> * publishing information about dynamically assigned IPs greatly
> helps other networks to distinguish the nature of different mail
> sources in your network (mail servers vs infected end user
> machines), and to block SMTP connections from dynamic addresses
> (if they wish to do so) without guessing and risking to
> inadvertently block mail servers
> * publishing proper rDNS for statically assigned IPs - and in
> particular for those corresponding to proper mail servers -
> greatly reduces the likelihood that other networks will block
> those servers by mistake, thinking that their IP belongs to
> residential dynamic space
> * moreover, some networks are refusing mail from IP addresses
> without rDNS defined
> * on the client side, there are security benefits in running
> applications such as ssh from an IP with rDNS assigned
Where as I agree with everything you say for static Domain/IP
translation. (I'd be a fool not to.) There is the "hassle" of running a
domain off of your home system. Then using dyndns or some other service
to run the nameservers.
Where as they do an excellent job (and fast too), in general, of
following dynamic IP's. They are to the best of my knowledge incapable
of providing rDNS. (Since they don't control the IP block) and
Comcast/SBC/Metrofi etc is not going to service a moving target like
this (hard enough to get them to service a static IP number!) For some
unknown reason they insist on hogging rDNS.
So I would venture to ask. What are viable work arounds for this? I
like keeping a domain that points to my home for example, since it's
easier to remember it's name than to "discover" the latest IP address.
These work arounds could also be important for people who run either
home mail servers or work off of a colo where they are one of a hundred
or 200 sites on a single box.(noting that colo's often solve the major
problems with mail) For example
site forward dns
(which is the hostname of the box I share.)
A list of things people can do to prevent being marked unfairly as a
spammer might help a number of people here.
More information about the svlug