[plug] dns reverse lookup

Daniel Pearson (Flashware Solutions) daniel at flashware.net
Thu Sep 20 12:36:39 WST 2007


Craig Foster wrote:
>   
>> -----Original Message-----
>> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
>> Behalf Of Peter Sutter
>> Sent: Thursday, 20 September 2007 12:05 PM
>> To: plug at plug.org.au
>> Subject: Re: [plug] dns reverse lookup
>>
>> On Thursday 20 September 2007 09:40, Craig Foster wrote:
>>     
> <snip>
>   
>>> Correct. iiNet still have reverse DNS entries on dynamic IP, along
>>>       
>> the
>>     
>>> lines of 203-59-14-16.dyn.iinet.net.au
>>> Maybe the DNS server on the clients systems is running slow... How
>>>       
>> quick
>>     
>>> does host or nslookup work on these boxes?
>>>
>>> Craig F.
>>>       
>> No, it has nothing to do with dns on clients. iinet has a new address
>> range, a
>> B Class in 124.169.0.0 and started to dish out these addresses on
>> Monday.  A
>> nslookup results in
>> ** server can't find 106.45.169.124.in-addr.arpa: NXDOMAIN
>>
>> I have spoken to iinet and they blankly refuse to add reverse dns to
>> this
>> address range. If you want reverse dns, you need a static IP address
>> which
>> will cost more money. iinet considers reverse dns lookups as a
>>     
> security
>   
>> risk,
>> a view which I disagree with. I think that reverse lookup is a legal
>> way to
>> do some basic authentication, a hurdle which catches most spammers and
>> phishers.
>>
>>     
> <snip>
>   
>> The consequences of this policy are that half the services offered by
>> the
>> internet will not be available for iinet users with dynamic IP
>> addresses (if
>> they get an IP address in the new 124.169.0.0 range. And most of these
>> services are available under Linux only. Is this an intended bias?
>>
>> Peter
>>     
>
> I asked the wrong question, but got the answer I was looking for (re
> 106.45.169.124.in-addr.arpa: NXDOMAIN). 
>
> I think that iitechie is slightly full of it... It'll slow their own
> mail server down as it tries to lookup the client address for the
> headers :/
>
> I'm not surprised that iiNet won't do a specific reverse dns, however
> their usual procedure is to create a bulk PTR lookup zone *before* the
> range goes live... Someone dropped the ball, and my sources inside
> aren't answering their mobiles.
>
> CraigF.
>   
And by sources you mean Adrian? *G*



More information about the plug mailing list