nanog mailing list archives
Re: is reverse dns required? (policy question)
From: "william(at)elan.net" <william () elan net>
Date: Sat, 4 Dec 2004 07:41:07 -0800 (PST)
On Sat, 4 Dec 2004, Henning Brauer wrote:
The wildcards are in the DNS server zone file for interpretation by the DNS server itself. It would not be published as such because that obviously wouldn't work as you prove. But nothing is preventing BIND or whatever from taking this wildcard record and answering every request with the wildcard "_send._smtp._srv.*" RR if no more-specific exists. This should be relatively straight forward to code. Wouldn't want to touch the code base of BIND but for DJBDNS I could somewhat easily implement it.
The question remains what to do when zone is transfered between different dns servers (AXFR and such). Even completely syntetic wildcard still needs to be documented in DNS specs. What is proposed above I proposed about year ago privately to Paul Vixie, he said it'll take number of years to push it through the standard, perhaps he can comment more about it now and explain problems with above approach better.
eh? no need to... Thus we propose expanding the reverse DNS tree with a subdomain with the well known name _srv This subdomain MAY be inserted at any level in the DNS tree for IPv4 IN-ADDR.ARPA reverse zones. For IPv6, to limit the number of DNS queries, _srv is only queried at the /128 (host), /64 (subnet) and / 32 (site) level. That way it can either provide information for a specific IP address or for a whole network block. More specific information takes precedence over information found closer to the top of the tree.
So if I want to check on 127.1.2.3, I first do lookup on _srv.3.2.1.127.IN-ADDR.ARPA if that does not give any answer, I'll have to do lookup on _srv.2.1.127.IN-ADDR.ARPA if that does not give any answer, I'll have to do lookup on _srv.1.127.IN-ADDR.ARPA And if that does not work, I still have to do lookup on _srv.127.IN-ADDR.ARPA Is that how you expect it to work? If that is so, I do not like it because it forces to do these multiple lookups. -- William Leibzon Elan Networks william () elan net
Current thread:
- Re: is reverse dns required? (policy question), (continued)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 01)
- Re: is reverse dns required? (policy question) Steven Champeon (Dec 01)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Valdis . Kletnieks (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 02)
- Re: is reverse dns required? (policy question) Mark Andrews (Dec 02)
- Re: is reverse dns required? (policy question) Douglas Otis (Dec 02)
- Re: is reverse dns required? (policy question) Andre Oppermann (Dec 03)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Henning Brauer (Dec 04)
- Re: is reverse dns required? (policy question) william(at)elan.net (Dec 04)
- Re: is reverse dns required? (policy question) Sam Hayes Merritt, III (Dec 01)