[dns-operations] fewer PTRs plz (Re: reverse DNS for DHCPV6 and PD's)

Mark Andrews marka at isc.org
Wed Jun 15 23:05:45 UTC 2011


In message <4DF925A9.3080807 at clegg.com>, Alan Clegg writes:
> On 6/13/2011 9:37 PM, Mark Andrews wrote:
> > Just let the hosts update their own PTR records.  Windows machines
> > already attempt to do this.  If the home user has a forward zone
> > then it will point to that zone.  If not, ISPs may wish to offer
> > to host forward zones for their customers.
> 
> Sorry, but I doubt that any ISP in their right mind is going to allow
> users with machine names that they get to set themselves to do dynamic
> updates.

What does it matter what they name their machines as long as they
are syntactically valid?  Almost no one other than the users of the
named machines see these records.  They make their way into Received
headers and ftp/http logs.

Whois is special in that it is a search engine which does partial
matches which makes these records visible and if the registries
were doing their job and checking that the data in whois matched
what was in the DNS and taking steps to correct the mis-matches,
as required by RFC 103[45], the whois abuse would mostly stop as
well.  A large percentage of the names in question don't exist in
the DNS (see below).

That said the level of abuse in whois is in the noise.  A couple
of hundred records in 100's of millions of host records.  Google,
Microsoft and a couple of other companies get this treatment.  The
rest of the domains in whois don't.

Mark

> We have enough issues with crazies playing in the whois data to show
> that opening updates to general users would be ... less than acceptable.
> 
> Before anyone says it, yes, I know it's a different use/mechanism, but
> the mentality of the abuser will be the same (or worse).
>
>    Server Name: GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22118
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.com. IN A

;; AUTHORITY SECTION:
UNIMUNDI.com.		10800	IN	SOA	ns1.dreamhost.com. hostmaster.dreamhost.com. 2010072701 19194 1800 1814400 14400

;; Query time: 550 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:50:54 2011
;; MSG SIZE  rcvd: 147

>    Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40221
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM.	IN A

;; ANSWER SECTION:
GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM.	1500 IN	A 69.41.185.194

;; AUTHORITY SECTION:
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns1.lookuphosts.COM.
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns2.xo1.org.
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns2.0-id.COM.
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns1.0-id.COM.
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns1.xo1.org.
SWINGINGCOMMUNITY.COM.	172800	IN	NS	ns2.lookuphosts.COM.

;; Query time: 770 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:51:05 2011
;; MSG SIZE  rcvd: 220

>    Server Name: GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM. IN A

;; AUTHORITY SECTION:
COM.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.COM. 1308178238 1800 900 604800 86400

;; Query time: 189 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:51:26 2011
;; MSG SIZE  rcvd: 140

>    Server Name: GOOGLE.COM.ZNAET.PRODOMEN.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZNAET.PRODOMEN.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23065
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.ZNAET.PRODOMEN.COM.	IN	A

;; AUTHORITY SECTION:
PRODOMEN.COM.		3600	IN	SOA	ns1.gigahost.ua. hostmaster.gigahost.ua. 2010070900 14400 7200 604800 3600

;; Query time: 2407 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:51:41 2011
;; MSG SIZE  rcvd: 109

>    Server Name: GOOGLE.COM.YUCEKIRBAC.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.YUCEKIRBAC.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40166
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.YUCEKIRBAC.COM.	IN	A

;; AUTHORITY SECTION:
YUCEKIRBAC.COM.		10800	IN	SOA	ns11.daha.net. serveralerts.daha.net. 2011042701 86400 7200 3600000 86400

;; Query time: 2137 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:51:52 2011
;; MSG SIZE  rcvd: 105

>    Server Name: GOOGLE.COM.YUCEHOCA.COM

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.YUCEHOCA.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34669
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.YUCEHOCA.COM.	IN	A

;; AUTHORITY SECTION:
YUCEHOCA.COM.		10800	IN	SOA	ns11.daha.net. serveralerts.daha.net. 2011042702 86400 7200 3600000 86400

;; Query time: 1092 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:52:09 2011
;; MSG SIZE  rcvd: 103

>    Server Name: GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET

; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7834
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET. IN A

;; ANSWER SECTION:
GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET. 86400	IN CNAME webfwd.je-eigen-domein.nl.
webfwd.je-eigen-domein.nl. 3600	IN	A	213.163.71.199
webfwd.je-eigen-domein.nl. 3600	IN	A	83.149.75.178

;; AUTHORITY SECTION:
je-eigen-domein.nl.	7199	IN	NS	ns4.je-eigen-domein.nl.
je-eigen-domein.nl.	7199	IN	NS	ns2.je-eigen-domein.nl.
je-eigen-domein.nl.	7199	IN	NS	ns3.je-eigen-domein.nl.
je-eigen-domein.nl.	7199	IN	NS	ns1.je-eigen-domein.nl.

;; Query time: 2287 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 16 08:52:20 2011
;; MSG SIZE  rcvd: 217

>    Server Name: GOOGLE.COM.VABDAYOFF.COM
>    Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
>    Server Name: GOOGLE.COM.SPROSIUYANDEKSA.RU
>    Server Name: GOOGLE.COM.SOUTHBEACHNEEDLEARTISTRY.COM
>    Server Name: GOOGLE.COM.SHTHEAD.NET
>    Server Name: GOOGLE.COM.SERVES.PR0N.FOR.ALLIYAH.NET
>    Server Name: GOOGLE.COM.LASERPIPE.COM
>    Server Name: GOOGLE.COM.IS.SHIT.SQUAREBOARDS.COM
>    Server Name: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
>    Server Name: GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
>    Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
>    Server Name: GOOGLE.COM.HICHINA.COM
>    Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
>    Server Name: GOOGLE.COM.ESJUEGOS.NET
>    Server Name: GOOGLE.COM.BITERMANSOLUTIONS.COM
>    Server Name: GOOGLE.COM.BEYONDWHOIS.COM
>    Server Name: GOOGLE.COM.AFRICANBATS.ORG
> 
> Yep, like that.
> 
> AlanC
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
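
Added example, not part of the original message: a Python sketch of the whois-versus-DNS comparison discussed above, classifying whois host records from dig output. The sample is abridged from the transcripts in the message; the function names and labels are assumptions of this example, and the single-label SOA test assumes names registered directly under a TLD.

```python
import re

# Abridged from the dig transcripts in the message (header, question and
# SOA lines only), with whitespace normalised for this example.
SAMPLE = """\
; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZNAET.PRODOMEN.COM
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23065
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;GOOGLE.COM.ZNAET.PRODOMEN.COM. IN A
PRODOMEN.COM. 3600 IN SOA ns1.gigahost.ua. hostmaster.gigahost.ua. 2010070900 14400 7200 604800 3600
; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM. IN A
COM. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.COM. 1308178238 1800 900 604800 86400
; <<>> DiG 9.6.0-APPLE-P2 <<>> GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7834
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
;GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET. IN A
"""

def parse_dig(text):
    """Split concatenated dig output into one record per query."""
    records = []
    for block in re.split(r"(?m)^; <<>> DiG", text)[1:]:
        status = re.search(r"status: (\w+)", block)
        answers = re.search(r"ANSWER: (\d+)", block)
        qname = re.search(r"(?m)^;(\S+)\s+IN\s+A\s*$", block)
        soa = re.search(r"(?m)^(\S+)\s+\d+\s+IN\s+SOA\s", block)
        if not (status and answers and qname):
            continue  # truncated block: skip rather than guess
        records.append({"qname": qname.group(1).rstrip(".").lower(),
                        "status": status.group(1), "answers": int(answers.group(1)),
                        "soa_zone": soa.group(1).rstrip(".").lower() if soa else None})
    return records

def classify(rec):
    """Label a whois host record by what the DNS says about it."""
    if rec["status"] == "NOERROR" and rec["answers"] > 0:
        return "resolves"
    zone = rec["soa_zone"]
    if rec["status"] != "NXDOMAIN" or zone is None:
        return "inconclusive"
    # The SOA owner names the zone that issued the denial. A single-label
    # owner (e.g. com) means the registered domain itself is not delegated.
    return "domain-not-delegated" if "." not in zone else "host-missing"

def audit(text):
    return {r["qname"]: classify(r) for r in parse_dig(text)}
```
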


