[dns-operations] does it matter when nameserver recs have non-matching PTRs ?

Mark Jeftovic markjr at easydns.com
Sat Aug 1 18:22:14 UTC 2015

On 2015-08-01 1:45 PM, Paul Vixie wrote:
> i like ptr's for nameservers, because it proves that the owner of the ip
> address knows they're running a name server and are comfortable having
> zones delegated to it.

Yes, that is another frequent gripe of mine - that people can delegate
to your nameservers and the dns op can't stop them, so that is a valid

> otherwise, someone can list a web server name as an NS RR for some
> low-value names, spam the hell out of those names, and then up ddos'ing
> the web server with DNS packets.

Ideally there is some leeway for common sense, i.e.

ns1.example.com is temporarily using

and if the PTR on has a PTR to another hostname under the
same superdomain (example.com), it should signal the same intent.

If the IP PTR's back to mx.hotmail.com, then sure, I can see the
reluctance to allowing the delegation.

- mark

Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog:    http://markable.com
+1-416-535-8672 ext 225

More information about the dns-operations mailing list