[dns-operations] does it matter when nameserver recs have non-matching PTRs ?
Mark Jeftovic
markjr at easydns.com
Sat Aug 1 18:22:14 UTC 2015
On 2015-08-01 1:45 PM, Paul Vixie wrote:
> i like ptr's for nameservers, because it proves that the owner of the ip
> address knows they're running a name server and are comfortable having
> zones delegated to it.
>
Yes, that is another frequent gripe of mine - that people can delegate
to your nameservers and the dns op can't stop them, so that is a valid
point.
> otherwise, someone can list a web server name as an NS RR for some
> low-value names, spam the hell out of those names, and then end up ddos'ing
> the web server with DNS packets.
>
Ideally there is some leeway for common sense, i.e.
ns1.example.com is temporarily using 192.168.4.13
and if the PTR on 192.168.4.13 has a PTR to another hostname under the
same superdomain (example.com), it should signal the same intent.
If the IP PTR's back to mx.hotmail.com, then sure, I can see the
reluctance to allow the delegation.
- mark
--
Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog: http://markable.com
+1-416-535-8672 ext 225
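
The PTR check discussed in this message, sketched as an added example that is not part of the original post or of any registry's actual policy. It assumes the "superdomain" can be approximated by the last two labels of a name (a real check would use the Public Suffix List), and the function names and all sample records other than 192.168.4.13 and mx.hotmail.com are constructed for illustration.

```python
# Added example: classify how the PTR of a nameserver's IP relates to the
# NS hostname, so a delegation check can allow "common sense" matches.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def superdomain(name, labels=2):
    """Assumption: the last `labels` labels stand in for the registered
    domain. This is wrong for suffixes such as co.uk; use the PSL there."""
    parts = normalize(name).split(".")
    return ".".join(parts[-labels:]) if len(parts) >= labels else None

def classify_ptr(ns_name, ptr_names):
    """Return 'exact', 'same-superdomain', 'mismatch' or 'no-ptr'."""
    ns = normalize(ns_name)
    ptrs = [normalize(p) for p in ptr_names if p and p.strip(". ")]
    if not ptrs:
        return "no-ptr"
    if ns in ptrs:
        return "exact"
    ns_super = superdomain(ns)
    # Whole labels are compared, so example.com.evil.net and
    # notexample.com do not pass as example.com.
    if ns_super and any(superdomain(p) == ns_super for p in ptrs):
        return "same-superdomain"
    return "mismatch"

def review_delegation(ns_records, ptr_table):
    """ns_records: {ns_name: [ip, ...]}; ptr_table: {ip: [ptr_name, ...]}."""
    return {
        (ns, ip): classify_ptr(ns, ptr_table.get(ip, []))
        for ns, ips in ns_records.items()
        for ip in ips
    }

# Constructed sample data (answers already resolved, so this runs offline).
SAMPLE_NS = {
    "ns1.example.com": ["192.168.4.13"],
    "ns2.example.com": ["192.168.4.14"],
    "ns3.example.com": ["192.0.2.53", "203.0.113.9"],
}
SAMPLE_PTR = {
    "192.168.4.13": ["host13.example.com."],  # same superdomain
    "192.168.4.14": ["mx.hotmail.com."],      # unrelated owner
    "192.0.2.53": ["ns3.example.com."],       # exact match
}                                             # 203.0.113.9 has no PTR

if __name__ == "__main__":
    for key, verdict in review_delegation(SAMPLE_NS, SAMPLE_PTR).items():
        print(key, verdict)
```

The PTR is set by whoever controls the reverse zone for the address, so a "mismatch" or "no-ptr" result says the address holder has not signalled consent; it does not by itself show the delegation is abusive.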