[92898] in North American Network Operators' Group


Re: AT&T refuses to provide PTR records?

daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Oct 18 10:12:53 2006

Date: Wed, 18 Oct 2006 09:11:45 -0500
From: Jack Bates <jbates@brightok.net>
To: Mark Foster <blakjak@blakjak.net>
Cc: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.62.0610182219490.655@maverick.blakjak.net>
Errors-To: owner-nanog@merit.edu


Mark Foster wrote:
> Surely if you have _a_ matching forward and reverse DNS pair, that'd get 
> you started?
> 
The problem in our case is that this wasn't an email issue. Any service 
(http/ftp/nntp/etc) which performed rDNS lookups prior to handling the 
connection would end up timing out the connection due to the fact that AT&T had 
set up a CNAME which pointed to a nameserver that no longer existed (from when 
the IP was owned by someone else). The actual complaint was failure to ftp files 
from the location due to the ftp server doing rDNS. AT&T refused to remove the 
old CNAME which was defunct. We didn't need matching anything. NXDOMAIN would 
have even been acceptable. However, forwarding the request to non-existent 
nameservers is not.

> 
> The issue was where there was no matching A/PTR set, this would increase 
> the likelihood of a spam host or something... right?
> 

The issue was that when revoking an IP from a customer, AT&T did not remove the 
rDNS configuration for that IP. Had they done so, their own servers would have 
reported back that there wasn't any rDNS (NXDOMAIN) which would have been 
perfectly acceptable.

Jack Bates
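
Added example, not part of the original message: a sketch of how a service that does rDNS before handling a connection can bound the lookup, so a reverse zone delegated to dead nameservers is treated like NXDOMAIN instead of stalling the connection. The function names, the 192.0.2.10 address and the three stand-in resolvers are constructed for illustration; a real deployment would leave `resolver` at `socket.gethostbyaddr`.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Bounded pool: stalled lookups occupy a worker until the resolver gives up,
# but they can never spawn an unbounded number of threads.
POOL = ThreadPoolExecutor(max_workers=4)

def bounded_rdns(ip, deadline=2.0, resolver=socket.gethostbyaddr):
    """Reverse-resolve ip; return (status, hostname) within `deadline` seconds.

    status is 'ok', 'no_ptr' (resolver answered, no name) or 'timeout'.
    """
    future = POOL.submit(resolver, ip)
    try:
        name, _aliases, _addrs = future.result(timeout=deadline)
        return ("ok", name)
    except FutureTimeout:
        # Nobody answered in time, e.g. the reverse zone points at
        # nameservers that no longer exist. The caller moves on.
        return ("timeout", None)
    except (socket.herror, socket.gaierror):
        # A definite negative answer such as NXDOMAIN.
        return ("no_ptr", None)

def peer_label(ip, deadline=2.0, resolver=socket.gethostbyaddr):
    """Name to log for a peer: the PTR name if resolved in time, else the IP."""
    status, name = bounded_rdns(ip, deadline, resolver)
    return name if status == "ok" else ip

# --- constructed stand-in resolvers (no network needed) ---
def good_ptr(ip):
    return ("host.example.net", [], [ip])

def nxdomain(ip):
    raise socket.herror(1, "Unknown host")

def dead_delegation(ip):
    time.sleep(0.5)  # simulates queries to an unreachable nameserver
    raise socket.herror(2, "Host name lookup failure")

if __name__ == "__main__":
    for fake in (good_ptr, nxdomain, dead_delegation):
        print(fake.__name__, bounded_rdns("192.0.2.10", 0.1, fake),
              peer_label("192.0.2.10", 0.1, fake))
```

The timed-out lookup keeps running in its worker thread until the underlying resolver returns, so the pool size caps how many stalled lookups can be outstanding at once.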
