North American Network Operators Group


Re: NANOG list reverse DNS handling

  • From: Mike Lewinski
  • Date: Sat Apr 03 16:05:24 2004

Iljitsch van Beijnum wrote:

> There is also a link to a DNS checking tool. However, this tool is pretty much useless in situations such as the one in which I found myself, as it doesn't answer the real question: what is the TTL for the offending DNS information.

You should have the answer to that (more or less - at least the upper bound) as it is set by you in your zone.

Now, if you want to know how much of the TTL remains wrt merit.edu accepting mail, you need to know what resolvers the mail server is using, and can then query thusly:

$ dig ptr 1.65.149.83.in-addr.arpa @dns.merit.net | grep ^1
1.65.149.83.in-addr.arpa. 86400 IN PTR sequoia.muada.com.

(I see that dns.merit.net is the next IP above mail.merit.net, which is the only MX RR for merit.edu, although that's really still just a guess as to the resolver it uses.)

A second query reveals that the TTL on this record has decreased by a few seconds. Since your .arpa zone TTL seems to be at one day, it isn't likely that dns.merit.edu is the resolver for mail.merit.edu (or else it has since expired from cache):

$ dig ptr 1.65.149.83.in-addr.arpa @dns.merit.net | grep ^1
1.65.149.83.in-addr.arpa. 86398 IN PTR sequoia.muada.com.

Note that this doesn't work if the resolver has an ACL applied that restricts who can do resolution on it and you don't fall within that ACL. But the bigger hurdle here is really figuring out what the resolver mail.merit.edu uses, since it's most likely open. A check of all the auth DNS servers for merit.edu reveals no evidence of caching for this particular record.
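
Added example (not part of the original message): a small shell helper that reads the TTL out of two dig answers like the ones above and says what the pair implies about the resolver's cache. The function names (probe, answer_ttl, classify, demo) are hypothetical, and +norecurse is an addition that keeps the probe itself from populating the cache; the sample lines are the two answers quoted in the message.

```shell
#!/bin/sh
# Constructed sample input: the two answer lines quoted in the message above.
SAMPLE_1='1.65.149.83.in-addr.arpa. 86400 IN PTR sequoia.muada.com.'
SAMPLE_2='1.65.149.83.in-addr.arpa. 86398 IN PTR sequoia.muada.com.'

# Ask a resolver only for what it already has cached. Without +norecurse
# the resolver fetches the record on a miss, so the first answer would
# always carry the full zone TTL. Needs network access; not called by demo.
probe() {  # usage: probe <owner-name> <resolver>
    dig +noall +answer +norecurse ptr "$1" "@$2"
}

# Print the TTL (second field) of the first PTR answer line on stdin.
answer_ttl() {
    awk '$3 == "IN" && $4 == "PTR" { print $2; exit }'
}

# classify <zone_ttl> <ttl_first> <ttl_second>
# The two probes must be taken at least one second apart.
classify() {
    zone_ttl=$1; t1=$2; t2=$3
    if [ -z "$t1" ] || [ -z "$t2" ]; then
        echo "no-answer"            # not cached, or an ACL refused the query
    elif [ "$t2" -eq "$t1" ]; then
        echo "static ttl=$t2"       # no countdown: not served from a cache
    elif [ "$t2" -gt "$t1" ]; then
        echo "refetched remaining=$t2"   # entry expired and was reloaded
    elif [ "$t1" -eq "$zone_ttl" ]; then
        # First answer had the full zone TTL: the entry was created at
        # (or by) the first probe, so it says nothing about earlier lookups.
        echo "cached-just-now remaining=$t2 age=$((zone_ttl - t2))"
    else
        echo "cached remaining=$t2 age=$((zone_ttl - t2))"
    fi
}

# Run the classification over the two sample answers.
demo() {
    t1=$(printf '%s\n' "$SAMPLE_1" | answer_ttl)
    t2=$(printf '%s\n' "$SAMPLE_2" | answer_ttl)
    classify 86400 "$t1" "$t2"
}

demo
```

The age value is only meaningful when the zone TTL passed in matches what the authoritative servers hand out.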