[dns-operations] does it matter when nameserver recs have non-matching PTRs ?
Jim Popovitch
jimpop at gmail.com
Mon Aug 3 16:28:23 UTC 2015
On Mon, Aug 3, 2015 at 12:08 PM, Mark Jeftovic <markjr at easydns.com> wrote:
>
>
> On 2015-08-03 11:19 AM, Jim Popovitch wrote:
>
>>>> ~$ dig NS speedyiguana.com
>>>> ns1.speedyiguana.net.
>>>>
>>>> ~$ host ns1.speedyiguana.net
>>>> ns1.speedyiguana.net has address 107.191.126.119
>>>>
>>>> ~$ host 107.191.126.119
>>>> 119.126.191.107.in-addr.arpa domain name pointer ns1.domainmail.org.
>>>>
>>>
>>> Indeed.
>>>
>>> Good luck getting anything delegated to ns1.speedyiguana.net under .IS!
>>
>> To be honest, is anybody doing that anyways?
>>
>
> I don't understand what you mean above, is anybody doing "that" ?
Would example.is delegate NS to ns*.speedyiguana.net which has a PTR
of ns*.domainmail.org? or are you saying that ns1.speedyiguana.is
could not use IP 107.191.126.119 (PTR = ns1.domainmail.org).
>> ns?.domainmail.org handles DNS for several domains, of which those
>> domains use their own NS names... because glue works better that way
>> when you are hosting non-.org TLDs on a .org infrastructure, but
>> surely you would know that.
>>
>
> Fine can of worms you've opened here. All of them would have issues
> getting delegated under various ccTLDs.
>
> Yet I see Paul's earlier point that some basic minimum of "is this
> really a nameserver that is prepared to accept a delegation" is not a
> bad thing - it's true that hardly any gTLDs do any of this (and I think
> that's a problem too)
>
> So what' the medium?
>
> Earlier I said "what if both records are under the same superdomain" and
> you trot out this example, which also seems valid.
>
> * both records under the same superdomain
>
> OR
>
> * records indicate that they are being used as a nameserver by naming
> themselves... nsX, dnsX, and what else? (We have some nameservers named
> "rush", "motorhead" and "nirvana")
You also have some aliased names like dns2.easydns.com, so let me ask:
would aliasing ns1.speedyiguana.com as ns1.domainmail.org be better
from your pov?
My understanding is that proper glue is a greater sign of DNS
integrity than matching rDNS, but maybe not? I'm not new at DNS, but
I'm also not an expert, so... I'm always willing to learn more.
-Jim P.
More information about the dns-operations
mailing list