[dns-operations] Maybe I'm just not with it...

Tony Finch dot at dotat.at
Tue Dec 8 23:07:00 UTC 2009


On Sun, 6 Dec 2009, Joe Greco wrote:

> Can anybody imagine what the advantage of this is?
>
> Non-authoritative answer:
> 1.1.20.123.in-addr.arpa name = localhost.
>
> Authoritative answers can be found from:
> 20.123.in-addr.arpa     nameserver = vdc-hn01.vnn.vn.
> 20.123.in-addr.arpa     nameserver = hcm-server1.vnn.vn.
>
> Appears to be that way for that /16 at least.  I can see a generic
> response of some sort, but this almost seems like someone's trying
> to exploit misconfigurations maliciously.

I think I've seen that behaviour in my mail logs from more than just that
network - it's a common setup in Vietnam.

I guess that their goal is to install reverse DNS records with the
absolute minimum effort, to appease software that checks for the existence
of PTR records. I hope that the seemingly malicious consequences are not
intentional!

One of the effects that I have noticed is that it causes certain spam bots
to greet MXs with EHLO localhost which my servers (at least) reject with
glee.

The other wide-scale lazy reverse DNS practice I have seen is to install
generic 1.2.0.192.isp.tld PTR records with no corresponding forward A
records. ($GENERATE in action?) This seems to be particularly common in
Brazil and India.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
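
Added example, not part of the original post or of any poster's configuration: a forward-confirmed reverse DNS check that separates the two lazy PTR practices described above (PTR pointing at localhost, and generic PTRs with no matching forward A record) from a properly paired record, plus the EHLO localhost test. The record tables are constructed stand-ins for DNS answers, and the function names, result labels and mail.example.net are assumptions made for illustration.

```python
import ipaddress

# Constructed records standing in for DNS answers. The first two mirror the
# names quoted in the thread; mail.example.net is a made-up well-run host.
PTR = {
    "1.1.20.123.in-addr.arpa.": ["localhost."],
    "1.2.0.192.in-addr.arpa.": ["1.2.0.192.isp.tld."],
    "25.2.0.192.in-addr.arpa.": ["mail.example.net."],
}
A = {
    "localhost.": ["127.0.0.1"],
    "mail.example.net.": ["192.0.2.25"],
    # deliberately no A record for 1.2.0.192.isp.tld.
}


def classify_rdns(client_ip, ptr=PTR.get, fwd=A.get):
    """Classify a client by whether its PTR name maps back to its address.

    ptr/fwd are lookup callables (hypothetical interface): name -> list or None.
    """
    ip = ipaddress.ip_address(client_ip)
    names = ptr(ip.reverse_pointer + ".") or []
    if not names:
        return "no-ptr"
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in (fwd(name.lower()) or [])}
        if ip in addrs:
            return "fcrdns-ok"
    # A PTR exists, but none of its names resolves back to the client.
    if any(n.lower().rstrip(".") == "localhost" for n in names):
        return "ptr-localhost"
    return "ptr-unconfirmed"


def helo_plausible(helo_name, client_ip):
    """A remote (non-loopback) client has no business announcing 'localhost'."""
    if ipaddress.ip_address(client_ip).is_loopback:
        return True
    return helo_name.strip().rstrip(".").lower() != "localhost"


if __name__ == "__main__":
    for addr in ("123.20.1.1", "192.0.2.1", "192.0.2.25", "198.51.100.7"):
        print(addr, classify_rdns(addr))
```

To run it against live DNS, pass resolver-backed callables as ptr and fwd in place of the constructed tables.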


