Re: Reverse dns (whether you want it or not)

["Dave Korn" <davek_throwaway () hotmail com>]

"TheGesus" wrote in message news:5e70f65305031013083747d7b () mail gmail com...
> On this subject (marginally), last year we moved a rather large CIDR
> block from one ISP to another.
>
> The new ISP took it upon themselves to give *ALL* our unused IP
> addresses a bogus reverse lookup in the (general) format of
>
> 10.20.30.40.abc.domain.com
>
> No one asked them to do this (or, at least if they did, they won't
> admit to it), and none of the reverse lookups can be looked up
> "forwardly".
>
> Is this a common practice?  It doesn't seem like a good idea, but the
> ISP insisted it was a "value-added" service.  In my opinion, a dead
> address should remain dead.

  It's common.  ISPs don't want to have to update their DNS records with
every single client that logs on or off their network, that would be a lot
of churn and general overhead for no great purpose.

  Plus it's always good to avoid leaking information.  If a lot of those
machines have firewalls that block ping etc, to present a 'stealthed' low
attack profile to the world, it would be a shame to give away the
information about which IPs were genuinely dead and which were firewalled
off but had live machines behind them to anyone who wanted to look it up in
the DNS.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/