On Wed, Apr 07, 2004 at 06:41:54PM -0600, Doug Royer wrote:
The same problem is for static DSL or dial-up IP addresses. How much effort will your ISP
put into verifying that you have the right to do a reverse push of home.example.com ?
None in most cases. So the reverse DNS will not match the forward.
This is a problem of the ISP. This is not an unsolvable problem. If your ISP doesn't manage revDNS records, get one that does. Problem solved.
Most ISPs will not push reverse DNS entries for domains where they are not the primary DNS because they can not verify you have the right to use that domain without some labor cost to them, so they do not do it.
If they use your MTA - yes it is traceable to your MTA.
Co-hosted systems may use their own MTA and DNS. Or your DNS and their MTA,
or your MTA and their DNS, or some 3rd party MTA or DNS. There is no way
to control that. The reason people co-host is to co-locate, high availability (UPS or
whatever) and they are using your IP addresses.
What do I care? If they use our MTA there is no problem at all, as fwdDNS and revDNS for mail.space.net match perfectly and I see no reason why they shouldn't.
If they use their own DNS and their own MTA it's within their own responsibility to have a correct setup. If they fsck up the A record for their www entry it is also their problem not that of anyone else.
However the ISP owns the IP space, so they can not push the reverse map and the ISP can not push the forward map. What would keep them in sync? This is why I say it is not manageable.
If the reverse map points to bogus.com and I own the IP space, guess where the complaints go? It still goes to the IP owner. Nothing changes, nothing that I can see is gained.
We do, and managing revDNS is no problem.
For co-hosting systems at your site that use their own MTAs? Are they correct?
What do I care? The customers tell us what PTR record they want for IP space owned by them and we add them or delegate the block so they can manage it on their own. If we add them we take care they are syntactically correct, the semantics is up to the customer.
Back to my other question. Are they all correct all of the time? Or do you just take their word for it? Have they ever forgotten to tell you of a change?
No, it's not, if I own the IP space - I get the spam complaints, not them. The spammers
If you do not know if they are correct, then that is the same problem as now which is they do not match.
Which is a problem of the customer. If he sends us wrong information
it's his problem if things don't work like he expects.
That has labor costs - many say 'no'.
If they use a DNS server that is not yours,
you can not automatically check. They could drop host2.example.com and
replace it with mx2.example.com and you would never know. You would
just know that they still used that IP.
It is not within the responsibility of the ISP to ensure that it is correct if it is customer allocated IP space.
They do not have to provide it, and many do not. They point them to themselves
But the ISP has to provide the possibility for the customer to have the PTR records they want for the IP space allocated to them.
And if they want to have mail.example.com they get it and example.com
may sue them if they don't like it.
Too late, the spam was sent because they did not tell you, ran their own MTA.
No it is the ISPs problem. So again that is the way it is now, what is gained?
Okay there is a tool. What if they do not use it?
It is their problem.
...
Doug Royer | http://INET-Consulting.com
-------------------------------|-----------------------------
Doug@xxxxxxxxx | Office: (208)520-4044
http://Royer.com/People/Doug | Fax: (866)594-8574
| Cell: (208)520-4044