[dns-operations] does it matter when nameserver recs have non-matching PTRs ?

Mark Jeftovic markjr at easydns.com
Sat Aug 1 17:03:32 UTC 2015


Personally I have always believed the answer to be "no" (provided that
both entities would provide a coherent response *if they were able to be
queried* - see below).

But there are TLDs out there who get pretty militant about it.

Scenario:

example.tld is delegated to:

	ns1.example.com
	ns2.example.com

With valid forward/reverse lookups.

DDoS hits ns1.example.com. Datacenter, network carrier, whoever null
routes or otherwise screams "uncle".

DNS ops for ns1.example.com change its IP to route queries to another
location, say: ddos1.example.com

ddos1.example.com should now be getting fresh queries for
ns1.example.com (as well as anything that was also already delegated to
ddos1.example.com)

NOC at the .tld ccTLD commence sending nastygrams to domains delegated to:

ns1.example.com

telling them their forward and reverse lookups no longer match. FIX OR
BE SUSPENDED (wtf?)

Why?

What is the case for this?

Because it works just fine and it's better than having ns1.example.com
down hard.

- mark


-- 
Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog:    http://markable.com
+1-416-535-8672 ext 225
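
The scenario in the message above, as an added example that is not part of the original post: it separates a strict "PTR must name the nameserver" check from a forward-confirmed one, where the PTR name differs but resolves back to the same address. All records are constructed (documentation address ranges); ns3, the verdict labels and the function names are hypothetical.

```python
from typing import Callable, Dict, List

# Constructed records: ns1 has been repointed at the address of ddos1,
# whose PTR still names ddos1. ns3 is a constructed broken case.
A_RECORDS: Dict[str, List[str]] = {
    "ns1.example.com.": ["198.51.100.53"],
    "ns2.example.com.": ["192.0.2.54"],
    "ddos1.example.com.": ["198.51.100.53"],
    "ns3.example.com.": ["203.0.113.9"],
}
PTR_RECORDS: Dict[str, List[str]] = {
    "198.51.100.53": ["ddos1.example.com."],
    "192.0.2.54": ["ns2.example.com."],
    "203.0.113.9": ["host9.example.net."],  # this name has no A record
}

Resolver = Callable[[str], List[str]]


def _norm(name: str) -> str:
    """Lower-case and fully qualify a DNS name for comparison."""
    return name.lower().rstrip(".") + "."


def lookup_a(name: str) -> List[str]:
    return A_RECORDS.get(_norm(name), [])


def lookup_ptr(ip: str) -> List[str]:
    return PTR_RECORDS.get(ip, [])


def classify_ns(ns: str, resolve_a: Resolver = lookup_a,
                resolve_ptr: Resolver = lookup_ptr) -> Dict[str, str]:
    """Return {address: verdict} for every address of one nameserver."""
    ns = _norm(ns)
    verdicts: Dict[str, str] = {}
    for ip in resolve_a(ns):
        ptr_names = [_norm(n) for n in resolve_ptr(ip)]
        if not ptr_names:
            verdicts[ip] = "no-ptr"
        elif ns in ptr_names:
            verdicts[ip] = "match"              # strict check passes
        elif any(ip in resolve_a(n) for n in ptr_names):
            verdicts[ip] = "coherent-mismatch"  # PTR name confirms the same IP
        else:
            verdicts[ip] = "broken"             # PTR name does not resolve back
    return verdicts


def audit(delegation: List[str]) -> Dict[str, Dict[str, str]]:
    """Classify every nameserver in a delegation set."""
    return {_norm(ns): classify_ns(ns) for ns in delegation}
```

To run it against live data, pass `classify_ns` two resolver callables that perform real A and PTR lookups in place of the dictionary-backed ones.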


