[113004] in North American Network Operators' Group
Re: REVERSE DNS Practices.
daemon@ATHENA.MIT.EDU (William Pitcock)
Sat Mar 28 03:41:10 2009
From: William Pitcock <nenolod@systeminplace.net>
To: Luke S Crawford <lsc@prgmr.com>
In-Reply-To: <m3bprmf7e1.fsf@luke.xen.prgmr.com>
Date: Sat, 28 Mar 2009 02:39:00 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, 2009-03-28 at 03:12 -0400, Luke S Crawford wrote:
> bmanning@vacation.karoshi.com writes:
> > or - the more modern approach is to let the node (w/ proper authorization)
> > do a secure dynamic update of the revserse map - so the forward and reverse
> > delegations match. ... a -VERY- useful technique.
>
> I have a question. Is this an abuse problem? some ISPs require their domain
> to be in the rdns in an effort to herd abuse reports to the correct org.
> Is this generally considered useless? Is it generally considered OK to
> hand relatively untrusted users the keys to their own rdns?
>
> (I'm forcing my own customers to have a rdns of something.xen.prgmr.com
> for several months, Much to the chagrin of many presumably innocent and
> legitimate customers. )
We allow RDNS controls to RapidXen customers since January 2009. It
seems to be ok. We do have the ability to disable RDNS access to
specific users if we feel it is being abused, however.
--
William Pitcock
SystemInPlace - Simple Hosting Solutions
1-866-519-6149
