[dns-operations] does it matter when nameserver recs have non-matching PTRs ?
Mark Jeftovic
markjr at easydns.com
Sat Aug 1 17:03:32 UTC 2015
Personally I have always believed the answer to be "no" (provided that
both entities would provide a coherent response *if they were able to be
queried* - see below).
But there are TLDs out there who get pretty militant about it.
Scenario:
example.tld is delegated to:
ns1.example.com
ns2.example.com
With valid forward/reverse lookups.
DDoS hits ns1.example.com. Datacenter, network carrier, whoever null
routes or otherwise screams "uncle".
DNS ops for ns1.example.com change its IP to route queries to another
location, say: ddos1.example.com
ddos1.example.com should now be getting fresh queries for
ns1.example.com (as well as anything that was also already delegated to
ddos1.example.com)
NOC at the .tld ccTLD commence sending nastygrams to domains delegated to:
ns1.example.com
telling them their forward and reverse lookups no longer match. FIX OR
BE SUSPENDED (wtf?)
Why?
What is the case for this?
Because it works just fine and it's better than having ns1.example.com
down hard.
- mark
--
Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog: http://markable.com
+1-416-535-8672 ext 225
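
The scenario above, as an added example that is not part of the original message: it separates a strict check (the PTR must name the nameserver itself) from a coherence check (the PTR target forward-resolves to the same address). The record tables use documentation address ranges constructed for the post's scenario, and `classify` and `normalize` are hypothetical helpers.

```python
# Constructed records modelling the post's scenario after the re-route.
# Addresses come from documentation ranges (RFC 5737); none are real data.
A_RECORDS = {
    "ns1.example.com.": ["198.51.100.10"],    # repointed at the mitigation site
    "ns2.example.com.": ["192.0.2.54"],
    "ddos1.example.com.": ["198.51.100.10"],
}
PTR_RECORDS = {
    "198.51.100.10": ["ddos1.example.com."],
    "192.0.2.54": ["ns2.example.com."],
}


def normalize(name):
    """Lower-case a host name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def classify(ns_name, a_records, ptr_records):
    """Return {address: verdict} for every address of ns_name.

    strict-match : a PTR for the address names ns_name itself
    coherent     : the PTR names another host that resolves to the same address
    incoherent   : a PTR exists but its target does not resolve to the address
    no-ptr       : the address has no PTR record at all
    """
    ns_name = normalize(ns_name)
    verdicts = {}
    for addr in a_records.get(ns_name, []):
        ptr_names = [normalize(p) for p in ptr_records.get(addr, [])]
        if not ptr_names:
            verdicts[addr] = "no-ptr"
        elif ns_name in ptr_names:
            verdicts[addr] = "strict-match"
        elif any(addr in a_records.get(p, []) for p in ptr_names):
            verdicts[addr] = "coherent"
        else:
            verdicts[addr] = "incoherent"
    return verdicts


if __name__ == "__main__":
    for ns in ("ns1.example.com", "ns2.example.com"):
        print(ns, classify(ns, A_RECORDS, PTR_RECORDS))
```

A monitor that alerts only on `incoherent` and `no-ptr` would stay quiet during the re-route described in the message, while one that requires `strict-match` would flag ns1.example.com.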