<div dir="ltr"><div>PTR records can exist in any zone. They matter when they lie under in-addr.arpa and ip6.arpa because gethostbyaddr() roots queries in that name path. But, let's be clear, you can jam a PTR into any place you like. It's just an RR.</div>
<div><br></div>Under .ARPA, the zones which administer PTR records are strongly aligned by dot-breaks in IPv4 and IPv6 to octet and nibble boundaries. The actual zone-cut point varies, but they have a strong alignment which is necessarily constrained to the octet/nibble boundaries. In IPv4 it's /8 aligned, in IPv6 it's a mix of older /24 and /12 delegations to the RIR.<div>
<br></div><div>For those levels delegated by IANA to the RIR, the boundaries are well understood and the DNSSEC signatures over the delegations understood.</div><div><br></div><div>If you go one level lower, the dot enforced boundaries vest into the address holder, and again, DNSSEC could make a strong trust over that binding. /16 and /24 delegations are put directly into each /8 zonefile, but no /24 should be there, if the parent /16 exists. And likewise in IPv6. We (the RIR) try very hard not to admit delegations which 'reach over' the holder at a higher level.</div>
<div><br></div><div>But once you get deeper, we've lost a sense of public review and public administration: it's a single locus of control inside an address holding entity, and how accurately they track the specific PTR binding is unclear, and unspecified. There is no control. A bad actor can say that any given IP address binds to any name. It's not constrained.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 4, 2014 at 10:20 AM, Jim Reid <span dir="ltr">&lt;<a href="mailto:jim@rfc1035.com" target="_blank">jim@rfc1035.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On 3 Mar 2014, at 17:26, Stephen Malone &lt;<a href="mailto:Stephen.Malone@microsoft.com">Stephen.Malone@microsoft.com</a>&gt; wrote:<br>
<br>
> 1. In general, can I trust PTR records? Is ownership of the target domain validated at setup time by ISPs, and if yes, how is this done?<br>
<br>
</div>Define what you mean by "trust" and "validate". For bonus points, define "ownership".<br>
<div class=""><br>
> 2. If ownership of PTR targets is not routinely validated, is there a risk that the target domain could be blacklisted by anti-spam providers?<br>
<br>
</div>Again, please define "validate".<br>
<br>
AFAICT organisations like Spamhaus don't care about PTR records at all. Addresses get blacklisted because they send spam or are open mail relays or are known to be in prefixes used for residential customers or.... Whatever names may be associated with those addresses are unlikely to matter, regardless of what validation is done or not done.<br>
<br>
If you want to know what anti-spam organisations do with PTR records, I suggest you ask them directly.<br>
<br>
<br>
<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
dns-jobs mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</blockquote></div><br></div>
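<div>An added example, not part of the original thread: it derives the octet- and nibble-aligned reverse names and zone cuts described above, then applies a forward-confirmation check (a technique the thread does not mention) so that a PTR target only counts when its own address records point back at the IP. The function names, the pluggable resolver callables and the sample records are all assumptions constructed for illustration.</div>

```python
import ipaddress

def reverse_name(ip):
    """Name a reverse lookup queries: octet labels (IPv4) or nibble labels (IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zones(prefix):
    """Reverse zones covering a prefix, cut at the next octet/nibble boundary."""
    net = ipaddress.ip_network(prefix)
    step, suffix = (8, "in-addr.arpa.") if net.version == 4 else (4, "ip6.arpa.")
    aligned = -(-net.prefixlen // step) * step      # round up to a label boundary
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        addr = sub.network_address
        if net.version == 4:
            labels = str(addr).split(".")
        else:
            labels = list(addr.exploded.replace(":", ""))
        kept = labels[: aligned // step]
        zones.append(".".join(reversed(kept)) + "." + suffix if kept else suffix)
    return zones

def forward_confirmed(ip, lookup_ptr, lookup_addrs):
    """PTR targets whose own A/AAAA records point back at ip (forward-confirmed)."""
    addr = ipaddress.ip_address(ip)
    return [name for name in lookup_ptr(reverse_name(ip))
            if addr in {ipaddress.ip_address(a) for a in lookup_addrs(name)}]

# Constructed sample data (documentation prefixes, not real records).
SAMPLE_PTR = {
    "10.2.0.192.in-addr.arpa.": ["mail.example.net."],
    "66.2.0.192.in-addr.arpa.": ["www.example.com."],  # holder names a domain it does not run
}
SAMPLE_FWD = {
    "mail.example.net.": ["192.0.2.10"],
    "www.example.com.": ["198.51.100.7"],
}

def check(ip):
    """Run the check against the constructed records instead of a live resolver."""
    return forward_confirmed(ip, lambda q: SAMPLE_PTR.get(q, []),
                             lambda n: SAMPLE_FWD.get(n, []))

if __name__ == "__main__":
    print(reverse_zones("198.51.100.0/23"))
    for ip in ("192.0.2.10", "192.0.2.66"):
        print(ip, reverse_name(ip), check(ip))
```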