Reverse IP addresses - bind [was Re: adelaide IT jobs]
glen.turner at aarnet.edu.au
Wed May 28 16:13:41 CST 2003
jonathan soong wrote:
>> I'm sure I can't tell you anything you don't know already, but who
>> In my own experience, more than 85% of all spam attempts come from
>> a domain name which "postfix" calls "unknown". I.e. the SMTP peer IP
>> address is not in the reverse DNS. Of the remaining percentage,
> Just wondering, as i am setting up a DNS. Does it _really_ matter if you
> don't put a reverse
> DNS entry in for a domain? What happens if you don't? is it bad?
A few things won't work.
- some e-mail configurations will bounce your mail, as
it's most likely spam.
- some people have access controls based on reverse DNS
For example /etc/hosts.allow might say:
This is very convenient, much more so than hard-coding
the IP addresses allowed to connect.
- traceroute sucks, as the change between domains gives
good ideas in who's netwok the fault is.
In short, you should do it. There is a world full of tools
for generating PTR records so that you don't need to any
Alternatively, ditch the whole DNS thing. Configure named
and dhcpd for Dynamic DNS. Now drive almost all your DNS
configuration from the DHCP server configuration. If you're
deploying a new network I'd strongly suggest taking this
path because it significantly reduces ongoing costs .
The LinuxSA web site has notes from a Dynamic DNS presentation.
 when a machine arrives you enter its name and MAC
address into the DHCP configuration and that's it.
So there's no need track moves and changes (which
can be expensive and also inappropiate in this age
of laptop computers).
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Network Engineer Email: glen.turner at aarnet.edu.au
Australian Academic & Research Network www.aarnet.edu.au
linux.conf.au 2004, Adelaide lca2004.linux.org.au
Main conference 14-17 January 2004 Miniconfs from 12 Jan
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
mail linuxsa-request at linuxsa.org.au with "unsubscribe" as the subject
More information about the linuxsa