[146099] in North American Network Operators' Group
Re: Performance Issues - PTR Records
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Wed Nov 2 20:39:26 2011
In-Reply-To: <20145.52607.535238.692116@world.std.com>
Date: Wed, 2 Nov 2011 19:38:30 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Barry Shein <bzs@world.std.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Nov 2, 2011 at 6:08 PM, Barry Shein <bzs@world.std.com> wrote:
> Another practical problem with this approach is that .IN is India but
> hey, at least it blocks something :-)
There are also some services out there that block connections
entirely, if the user doesn't have a PTR record.
I'm thinking IRC servers, MUDs, and some other services with strange
security policies that check for a port 113 IDENT response and RDNS to
make a dark magic security decision to block a user who has no PTR.
But in the modern world... more commonly, MTAs such as sendmail are
often configured to require a valid PTR record. So as an ISP, you
may be breaking your user's local MTA if you don't have the correct
PTR for their IP addresses.
So I would say following the RFCs and implementing the proper PTRs
will help with that performance issue as a side-effect of having a
valid zone, and head off other issues with possibly less
popular services that are still blocking connections based on lack of
proper PTR. :)
> --
>        -Barry Shein, that'd be .ID for Indonesia
--
-JH
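
An added example, not part of the original message: a small audit an ISP could run over a customer prefix to find addresses that have no PTR, or whose PTR name does not resolve back to the address. Treating forward confirmation as what "valid" means is an assumption here, and the lookup tables, host names and addresses are constructed sample data.

```python
import ipaddress

# Constructed sample zone data using documentation addresses (RFC 5737).
PTR = {
    "10.2.0.192.in-addr.arpa": "mail.example.net.",
    "11.2.0.192.in-addr.arpa": "host11.example.net.",
}
A = {
    "mail.example.net": {"192.0.2.10"},
    "host11.example.net": {"192.0.2.99"},  # forward record points elsewhere
}


def check_ptr(ip, ptr_lookup=PTR.get, a_lookup=A.get):
    """Classify one address as 'ok', 'no-ptr' or 'mismatch'.

    ptr_lookup and a_lookup are hypothetical injectable helpers: the
    defaults read the tables above, and a real resolver can be passed
    instead when auditing a live zone.
    """
    addr = ipaddress.ip_address(ip)
    # reverse_pointer builds the in-addr.arpa / ip6.arpa owner name.
    name = ptr_lookup(addr.reverse_pointer)
    if not name:
        return "no-ptr"
    # Forward-confirm: the PTR target must resolve back to the same address.
    forward = a_lookup(name.rstrip(".")) or set()
    return "ok" if str(addr) in forward else "mismatch"


def audit(prefix, **lookups):
    """Return {address: problem} for every host in prefix that is not 'ok'."""
    problems = {}
    for host in ipaddress.ip_network(prefix).hosts():
        status = check_ptr(str(host), **lookups)
        if status != "ok":
            problems[str(host)] = status
    return problems


if __name__ == "__main__":
    for ip, status in audit("192.0.2.8/29").items():
        print(ip, status)
```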