[dns-operations] Maybe I'm just not with it...
Tony Finch
dot at dotat.at
Tue Dec 8 23:07:00 UTC 2009
On Sun, 6 Dec 2009, Joe Greco wrote:
> Can anybody imagine what the advantage of this is?
>
> Non-authoritative answer:
> 1.1.20.123.in-addr.arpa name = localhost.
>
> Authoritative answers can be found from:
> 20.123.in-addr.arpa nameserver = vdc-hn01.vnn.vn.
> 20.123.in-addr.arpa nameserver = hcm-server1.vnn.vn.
>
> Appears to be that way for that /16 at least. I can see a generic
> response of some sort, but this almost seems like someone's trying
> to exploit misconfigurations maliciously.
I think I've seen that behaviour in my mail logs from more than just that
network - it's a common setup in Vietnam.
I guess that their goal is to install reverse DNS records with the
absolute minimum effort, to appease software that checks for the existence
of PTR records. I hope that the seemingly malicious consequences are not
intentional!
One of the effects that I have noticed is that it causes certain spam bots
to greet MXs with EHLO localhost which my servers (at least) reject with
glee.
The other wide-scale lazy reverse DNS practice I have seen is to install
generic 1.2.0.192.isp.tld PTR records with no corresponding forward A
records. ($GENERATE in action?) This seems to be particularly common in
Brazil and India.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
More information about the dns-operations
mailing list