[166542] in North American Network Operators' Group
Reverse DNS RFCs and Recommendations
daemon@ATHENA.MIT.EDU (Nolan Rollo)
Wed Oct 30 12:13:05 2013
X-Barracuda-Envelope-From: nrollo@kw-corp.com
From: Nolan Rollo <nrollo@kw-corp.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Wed, 30 Oct 2013 16:12:31 +0000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I've been (probably needlessly) poring over the Reverse DNS RFCs for long enough to actually have questions about a subject that should be relatively unimportant. I do want to make sure that we set up our reverse DNS correctly and most efficiently the first time, so that we don't irritate other network operators with difficult regex-based filtering ( http://www.gossamer-threads.com/lists/nanog/users/113633 ) and we don't have to change things as per a recommendation down the road.
RFC draft-msullivan-dnsop-generic-naming-schemes-00.txt states:
When using IP addresses in host names, their numbers SHOULD be
separated by '.'s (dots) rather than any meta character such as a '-'
(dash) and expressed in decimal. Host names SHOULD NOT use the '_'
(underscore) character, host names for hosts with any form of SMTP
mail service MUST NOT use the '_' (underscore) character. It is
preferable to use the IP address in reverse format in the same way
the IN-ADDR.ARPA. domain is defined.
Now, since it is only a first-revision draft, I'm taking what it has to say with a grain of salt, and it seems to have taken quite a bit of criticism on forums. I'm also not singling out Time Warner, WOW, Comcast or Charter for their naming conventions, nor do I think they are bad; I'm just using them as examples because they are local, well-known ISPs.
Actual Examples:
cpe-67-XX-XX-XX.stny.res.rr.com - 67.XX.XX.XX
d28-XX-XX-XX.dim.wideopenwest.com - 28.XX.XX.XX
c-68-XX-XX-XX.hsd1.mi.comcast.net - 68.XX.XX.XX
24-XX-XX-XX.static.bycy.mi.charter.com - 24.XX.XX.XX
* Most ISP Reverse DNS hostnames (from what I've observed) seem to use the dash "-" character with the forward format, as opposed to the reverse IN-ADDR.ARPA. dotted scheme recommended in the draft.
* Comcast and Charter both have geographic-based furthest-right-hand tokens.
* Charter, WideOpenWest, Time Warner, and Comcast all have some acronym that is not immediately clear, at least to me (HSD - High Speed Data?, BYCY - Bay City, MI?, DIM - Dynamic IP Mapping?, STNY - Southern Tier New York?).
Which finally brings me to my questions:
It seems like the unspoken de facto standard that mail admins appreciate, given the IP 203.0.113.15, is "203-0-113-15.[type].[static/dynamic].yourdomain.tld". This seems perfectly acceptable: it's short, detailed and to the point. Is there really anything bad about this?
What, if anything, would you name a network, gateway, or broadcast address? Should the PTR be empty?
<tinfoilhat> I've seen a lot about naming what type of technology it is (wireless, adsl, cable, etc.) in order to filter out the "high speed spammers". It seems to me that this would open up the likelihood of a targeted attack. We've all heard of security through obscurity, and of course no one relies on it, but we have to face the fact that there are CVEs every day for various networking hardware/firmware. If an attacker can query DNS and find out that the IP is for wireless, they could filter all wireless gear exploits. Is this still a good practice given the abundance of high speed data connections, or is this just opening yourself up to reconnaissance? </tinfoilhat>
There is a Merit Network mailing list discussion that outlines most of what I've read, which can be found here ( http://www.merit.edu/mail.archives/nanog/msg06843.html ).
Nolan Rollo
VoIP Engineer
Main: 517.223.3610x114
Fax: 517.223.4120
www.kw-corp.com
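As an added example (not part of the original post, and not any ISP's or the draft's code), here is a small Python script that generates PTR records and the matching forward records for an address block under both naming schemes discussed in the post (the dash-separated forward form and the draft's dotted reverse form), checks each generated name against the draft's underscore rule and the letters-digits-hyphen label rule, and runs the forward-confirmed reverse DNS consistency check that receiving mail servers commonly apply. The domain example.net, the labels cable and static, the block 203.0.113.0/29, and the choice to leave the network and broadcast addresses without a PTR are all assumptions made for illustration.

```python
import ipaddress
import re

# Label rule: letters, digits and hyphens only, no leading/trailing hyphen, 1-63 octets.
LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def hostname_for(ip, kind, pool, domain, scheme="dash"):
    """Build the PTR target for one IPv4 address.

    scheme="dash"   -> 203-0-113-15.<kind>.<pool>.<domain>  (the de facto form from the post)
    scheme="dotted" -> 15.113.0.203.<kind>.<pool>.<domain>  (reverse order with dots, per the draft)
    """
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    if scheme == "dash":
        addr_part = "-".join(octets)
    elif scheme == "dotted":
        addr_part = ".".join(reversed(octets))
    else:
        raise ValueError("unknown scheme: %r" % scheme)
    return "%s.%s.%s.%s" % (addr_part, kind, pool, domain)


def check_hostname(host, serves_smtp=False):
    """Return a list of findings against the draft's underscore rule and the LDH label rule."""
    findings = []
    if "_" in host:
        findings.append("MUST NOT contain '_' (SMTP host)" if serves_smtp
                        else "SHOULD NOT contain '_'")
    if len(host) > 253:
        findings.append("name longer than 253 octets")
    for label in host.split("."):
        if not LDH_LABEL.match(label):
            findings.append("label %r is not a valid LDH label" % label)
    return findings


def ip_from_reverse_pointer(owner):
    """'15.113.0.203.in-addr.arpa' -> '203.0.113.15'"""
    suffix = ".in-addr.arpa"
    if not owner.endswith(suffix):
        raise ValueError("not an in-addr.arpa name: %r" % owner)
    return ".".join(reversed(owner[:-len(suffix)].split(".")))


def build_zone(network, kind, pool, domain, scheme="dash", skip_network_broadcast=True):
    """Return (ptr_records, a_records) for every address in the block.

    ptr_records: {in-addr.arpa owner name: hostname}
    a_records:   {hostname: dotted IPv4}
    Whether the network and broadcast addresses get a PTR is an option here
    (assumption); the post asks that question rather than answering it.
    """
    net = ipaddress.IPv4Network(network)
    ptr_records, a_records = {}, {}
    for addr in net:
        if skip_network_broadcast and addr in (net.network_address, net.broadcast_address):
            continue
        host = hostname_for(addr, kind, pool, domain, scheme)
        ptr_records[addr.reverse_pointer] = host
        a_records[host] = str(addr)
    return ptr_records, a_records


def fcrdns_mismatches(ptr_records, a_records):
    """Forward-confirmed reverse DNS: every PTR target must have a forward record
    pointing back at the address the PTR belongs to. Returns a list of
    (owner, hostname, expected_ip, actual_ip_or_None) for each inconsistency."""
    problems = []
    for owner, host in ptr_records.items():
        expected = ip_from_reverse_pointer(owner)
        actual = a_records.get(host)
        if actual != expected:
            problems.append((owner, host, expected, actual))
    return problems


if __name__ == "__main__":
    # Constructed sample block and labels; nothing here is a real deployment.
    for scheme in ("dash", "dotted"):
        ptr, fwd = build_zone("203.0.113.0/29", "cable", "static", "example.net", scheme)
        for owner, host in sorted(ptr.items()):
            print("%-28s PTR %s  findings=%s" % (owner, host, check_hostname(host)))
        print("scheme=%s fcrdns mismatches: %s" % (scheme, fcrdns_mismatches(ptr, fwd)))
```

The script is deliberately offline: it builds the forward map itself instead of querying DNS, so the consistency check exercises the naming logic rather than the resolver. Against a live zone, the same fcrdns_mismatches() check can be fed a forward map produced by resolving each generated hostname.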