North American Network Operators Group
Re: is reverse dns required? (policy question)
* Andre Oppermann <[email protected]> [2004-12-03 11:04]:
> Mark Andrews wrote:
> >In article <[email protected]> you write:
> >>You would put in a global wildcard that says no smtp sender here. Only
> >>for those boxes being legitimate SMTP to outside senders you'd put in a
> >>more specific record as shown above. You probably have to enter some dozen
> >>to one hundred servers this way. Sure your reverse zone scripts need some
> >>changes but it's only two or three lines.
> >>
> >>Ideally you could tell your DNS server in the zone file this:
> >>
> >>_send._smtp._srv.*.*.173.128.in-addr.arpa. IN TXT "0"
> >>_send._smtp._srv.*.*.82.198.in-addr.arpa. IN TXT "0"
> >>
> >>being overridden by more specific information on single IP addresses.
> >
> > You obviously do not know how wildcards work in the DNS or you
> > would not have made this suggestion. Please read RFC 1034
> > and work through Section 4.3.2. Algorithm with a QNAME of
> > _send._smtp._srv.1.1.173.128.in-addr.arpa.
>
> The wildcards are in the DNS server zone file for interpretation by the
> DNS server itself. It would not be published as such because that obviously
> wouldn't work as you prove. But nothing is preventing BIND or whatever
> from taking this wildcard record and answering every request with the
> wildcard "_send._smtp._srv.*" RR if no more-specific exists. This should
> be relatively straightforward to code. Wouldn't want to touch the code
> base of BIND but for DJBDNS I could somewhat easily implement it.

eh? no need to...

   Thus we propose expanding the reverse DNS tree with a subdomain with
   the well known name _srv. This subdomain MAY be inserted at any level
   in the DNS tree for IPv4 IN-ADDR.ARPA reverse zones. For IPv6, to limit
   the number of DNS queries, _srv is only queried at the /128 (host),
   /64 (subnet) and /32 (site) level. That way it can either provide
   information for a specific IP address or for a whole network block.
   More specific information takes precedence over information found
   closer to the top of the tree.

-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
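An added example, written for this page and not code from the thread, from BIND, from DJBDNS or from any draft: an in-memory model of the RFC 1034 section 4.3.2 lookup, wildcards included, run against the record Andre proposed and against Mark's QNAME, followed by the _srv walk-up the quoted paragraph describes (every in-addr.arpa level for IPv4, only /128, /64 and /32 for IPv6, most specific first). The zone contents, the hosts in 128.173.0.0/16, the `_send._smtp._srv` owner-name convention (taken from the post) and the TXT values "0"/"1" are assumptions made for the example.

```python
"""Added example (not from the original thread): RFC 1034 4.3.2 lookup with
wildcards, plus the _srv walk-up from the quoted paragraph. The zone below is
constructed for this example; 128.173.0.0/16 is used only because it appears
in the thread."""

from ipaddress import IPv4Address, ip_address

# Constructed authoritative zone. Keys are lower-case owner names with a
# trailing dot; values map RR type to a list of rdata strings.
ZONE = {
    "173.128.in-addr.arpa.": {"SOA": ["ns.example. hostmaster.example. 1 3600 900 604800 300"]},
    # Ordinary PTRs for two hosts in the block.
    "1.1.173.128.in-addr.arpa.": {"PTR": ["host1.example."]},
    "5.1.173.128.in-addr.arpa.": {"PTR": ["mx.example."]},
    # The record from the quoted proposal. A "*" label that is not the
    # leftmost label is an ordinary label, not a wildcard (RFC 1034 4.3.3,
    # RFC 4592), so it only ever answers a query for its literal name.
    "_send._smtp._srv.*.*.173.128.in-addr.arpa.": {"TXT": ["0"]},
    # A real wildcard at the /16 level, to show it is shadowed wherever a
    # PTR (or any other name) already exists below it.
    "*.173.128.in-addr.arpa.": {"TXT": ["0"]},
    # Draft-style data the reply points to: a block-level default and a
    # more specific override for the one legitimate sender.
    "_send._smtp._srv.173.128.in-addr.arpa.": {"TXT": ["0"]},
    "_send._smtp._srv.5.1.173.128.in-addr.arpa.": {"TXT": ["1"]},
}


def existing_names(zone):
    """Every name that exists in the zone, including empty non-terminals
    (ancestors of record owners) and the root."""
    names = {"."}
    for owner in zone:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]) + ".")
    return names


def lookup(qname, qtype, zone=ZONE):
    """RFC 1034 4.3.2 step 3 for one zone: exact match, otherwise wildcard
    synthesis from "*." + closest encloser, otherwise NXDOMAIN.
    Returns (rcode, [rdata, ...])."""
    qname = qname.lower()
    existing = existing_names(zone)
    if qname in existing:
        # The name exists (maybe only as an empty non-terminal): answer from
        # its own RRs, never from a wildcard.
        return ("NOERROR", list(zone.get(qname, {}).get(qtype, [])))
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:]) + "."
        if encloser in existing:
            source = "*." + encloser  # RFC 4592 "source of synthesis"
            if source in existing:
                return ("NOERROR", list(zone.get(source, {}).get(qtype, [])))
            return ("NXDOMAIN", [])
    return ("NXDOMAIN", [])


def mtamark_names(ip):
    """Owner names to query for an address, most specific first.
    IPv4: every level of in-addr.arpa (the quoted text lets _srv sit at any
    level). IPv6: only /128, /64 and /32, i.e. 32, 16 and 8 nibble labels."""
    addr = ip_address(ip)
    if isinstance(addr, IPv4Address):
        labels = str(addr).split(".")[::-1]
        depths = (4, 3, 2, 1)
        suffix = "in-addr.arpa."
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
        depths = (32, 16, 8)
        suffix = "ip6.arpa."
    return ["_send._smtp._srv." + ".".join(labels[-d:]) + "." + suffix
            for d in depths]


def mta_may_send(ip, zone=ZONE):
    """Walk from the host outward and return the first TXT value found
    ("1" = may send, "0" = must not), or None if nothing is published.
    Stopping at the first hit is what gives more specific data precedence."""
    for name in mtamark_names(ip):
        rcode, rdata = lookup(name, "TXT", zone)
        if rcode == "NOERROR" and rdata:
            return rdata[0]
    return None


if __name__ == "__main__":
    # Mark's QNAME: neither the mid-label "*" record nor the real wildcard
    # answers it, because 1.1.173.128.in-addr.arpa. already exists.
    print(lookup("_send._smtp._srv.1.1.173.128.in-addr.arpa.", "TXT"))
    # A host with no PTR falls through to the /16 wildcard.
    print(lookup("_send._smtp._srv.7.9.173.128.in-addr.arpa.", "TXT"))
    for ip in ("128.173.1.5", "128.173.1.1", "128.173.9.7", "10.0.0.1"):
        print(ip, mta_may_send(ip))
    print(mtamark_names("2001:db8::1"))
```

The two lookups make Mark's point concrete: the proposed record is never consulted because its "*" labels are literal, and even a genuine `*.173.128.in-addr.arpa.` wildcard stops matching as soon as a PTR exists for the host, which is exactly the case you care about. The walk-up needs no wildcards at all: the block-level `_send._smtp._srv.173.128.in-addr.arpa.` answers for every host that has no more specific record, and the per-host record wins where one exists.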