Reverse IP addresses - bind [was Re: adelaide IT jobs]

Glen Turner glen.turner at aarnet.edu.au
Wed May 28 16:13:41 CST 2003


jonathan soong wrote:
>>
>>
>> I'm sure I can't tell you anything you don't know already, but who 
>> knows...
>> In my own experience, more than 85% of all spam attempts come from
>> a domain name which "postfix" calls "unknown". I.e. the SMTP peer IP
>> address is not in the reverse DNS. Of the remaining percentage,
>>  
>>
> Just wondering, as I am setting up a DNS. Does it _really_ matter if you 
> don't put a reverse
> DNS entry in for a domain? What happens if you don't? Is it bad?

A few things won't work.

  - some e-mail configurations will bounce your mail, as
    it's most likely spam.

  - some people have access controls based on reverse DNS.
    For example /etc/hosts.allow might say:

      sshd: .example.com

    This is very convenient, much more so than hard-coding
    the IP addresses allowed to connect.

  - traceroute sucks, as the change between domains gives
    good ideas in whose network the fault is.

In short, you should do it.  There is a world full of tools
for generating PTR records so that you don't need to do any
typing.

Alternatively, ditch the whole DNS thing.  Configure named
and dhcpd for Dynamic DNS.  Now drive almost all your DNS
configuration from the DHCP server configuration.  If you're
deploying a new network I'd strongly suggest taking this
path because it significantly reduces ongoing costs [1].

The LinuxSA web site has notes from a Dynamic DNS presentation.

Best wishes,
Glen

   [1] when a machine arrives you enter its name and MAC
       address into the DHCP configuration and that's it.
       So there's no need to track moves and changes (which
       can be expensive and also inappropriate in this age
       of laptop computers).

-- 
  Glen Turner         Tel: (08) 8303 3936 or +61 8 8303 3936
  Network Engineer          Email: glen.turner at aarnet.edu.au
  Australian Academic & Research Network   www.aarnet.edu.au
-- 
  linux.conf.au 2004, Adelaide          lca2004.linux.org.au
  Main conference 14-17 January 2004   Miniconfs from 12 Jan
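
Added example, not part of the original message: a sketch of the forward-confirmed reverse DNS check behind both cases listed above, a mail server logging a client as "unknown" and a `.example.com` pattern in /etc/hosts.allow. The PTR and A tables, the addresses and the function names are constructed for illustration so the code runs offline; it is not the code of postfix or of any access-control tool.

```python
import ipaddress

# Constructed zone data (documentation address ranges) standing in for DNS.
PTR = {
    "10.2.0.192.in-addr.arpa": "mail.example.com",
    # The holder of 192.0.2.20 controls this reverse zone and can claim any name.
    "20.2.0.192.in-addr.arpa": "trusted.example.com",
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "trusted.example.com": ["198.51.100.5"],  # forward zone disagrees with the PTR
}

def ptr_name(ip):
    """Name queried for the PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def client_hostname(ip, ptr=PTR, a=A):
    """Return the verified hostname for ip, or "unknown".

    The name is accepted only if the PTR exists and the forward lookup of
    that name lists the same address.
    """
    name = ptr.get(ptr_name(ip))
    if name is None:
        return "unknown"          # no reverse DNS entry at all
    if ip not in a.get(name, []):
        return "unknown"          # PTR present but not forward-confirmed
    return name.lower().rstrip(".")

def domain_allows(pattern, hostname):
    """A pattern beginning with '.' matches hostnames that end with it."""
    if hostname == "unknown":
        return False
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return hostname == pattern

def sshd_allowed(ip, pattern=".example.com"):
    """Decision for a rule like 'sshd: .example.com'."""
    return domain_allows(pattern, client_hostname(ip))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, client_hostname(ip), sshd_allowed(ip))
```

A host with no PTR record and a host whose PTR is not confirmed by the forward zone both end up as "unknown", which is why a name-based rule is only as trustworthy as the forward check behind it.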
