[dns-operations] does it matter when nameserver recs have non-matching PTRs ?

Mark Jeftovic markjr at easydns.com
Sat Aug 1 17:03:32 UTC 2015

Personally I have always believed the answer to be "no" (provided that
both entities would provide a coherent response *if they were able to be
queried* - see below).

But there are TLDs out there who get pretty militant about it.


example.tld is delegated to:


With valid forward/reverse lookups.

DDoS hits ns1.example.com. Datacenter, network carrier, whoever null
routes or otherwise screams "uncle".

DNS ops for ns1.example.com change its IP to route queries to another
location, say: ddos1.example.com

ddos1.example.com should now be getting fresh queries for
ns1.example.com (as well as anything that was also already delegated to

NOC at the .tld ccTLD commence sending nastygrams to domains delegated to:


telling them their forward and reverse lookups no longer match. FIX OR


What is the case for this?

Because it works just fine and it's better than having ns1.example.com
down hard.

- mark

Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog:    http://markable.com
+1-416-535-8672 ext 225
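
The two checks at issue in the message above, as an added example that is not part of the original post: a strict "PTR must equal the nameserver name" test next to a looser one that accepts a PTR naming a different host as long as that host forward-resolves to the same address. The record data is constructed (documentation address ranges); ns2/ns3, the PTR targets and the status labels are hypothetical, and reading "coherent" as "the PTR name is forward-confirmed" is an assumption.

```python
# Constructed sample records, not taken from the post.
FORWARD = {  # hostname -> set of A records
    "ns1.example.com.": {"192.0.2.53"},    # repointed at the mitigation site
    "ddos1.example.com.": {"192.0.2.53"},
    "ns2.example.com.": {"198.51.100.53"},
    "ns3.example.com.": {"203.0.113.53"},
}
REVERSE = {  # IP -> PTR target
    "192.0.2.53": "ddos1.example.com.",
    "198.51.100.53": "ns2.example.com.",
    "203.0.113.53": "old-host.example.net.",  # PTR target has no A record
}


def normalize(name):
    """Lower-case and fully qualify a hostname for comparison."""
    return name.lower().rstrip(".") + "."


def classify_ns(ns_name, forward, reverse):
    """Return {ip: status} for every address of one nameserver.

    match             - PTR equals the nameserver name (strict check passes)
    coherent-mismatch - PTR names another host that resolves back to this IP
    incoherent        - PTR names a host that does not resolve back to this IP
    no-ptr            - no PTR record at all
    """
    ns = normalize(ns_name)
    results = {}
    for ip in sorted(forward.get(ns, ())):
        ptr = reverse.get(ip)
        if ptr is None:
            results[ip] = "no-ptr"
        elif normalize(ptr) == ns:
            results[ip] = "match"
        elif ip in forward.get(normalize(ptr), ()):
            results[ip] = "coherent-mismatch"
        else:
            results[ip] = "incoherent"
    return results


def strict_failures(ns_names, forward, reverse):
    """Nameservers a strict forward/reverse policy would flag."""
    return sorted(normalize(n) for n in ns_names
                  if any(s != "match" for s in classify_ns(n, forward, reverse).values()))
```
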
