nslookup from WinNT machine

Kevin Darcy kcd at daimlerchrysler.com
Fri Jun 1 19:30:29 UTC 2001


Joseph S D Yao wrote:

> On Tue, May 29, 2001 at 09:00:01PM -0400, Kevin Darcy wrote:
>
> a very good point - some sites prefer to maximize the amount of mail
> that correctly gets through, at the expense of some spam; others prefer
> to maximize the spam exclusion, at the expense of some real mail
> falling through the cracks.  This is much like some sites refusing all
> mail from freemail sites, a practice that horrifies others.  Each site
> must choose its own policy.
>
> HOWEVER,
>
> In the same message, he suggests that spammers will soon learn how to
> make PTR records.  This directly contradicts his earlier good point
> that it is so hard to understand how to make PTR records that many
> system administrators [who are on the whole much more intelligent than
> spammers - jsdy] just neglect to do so.

I don't think it's a contradiction at all. Spammers seem to be getting
better and better at getting reverse DNS right. At the same time, the
general level of DNS admin competence seems to be dropping and more and
more people seem to be struggling with reverse DNS. It may become the case
in a few years that spammers as a class may have *better* reverse DNS than
the general population, since they have such a stronger vested interest in
getting it right.

> Further, it does ABSOLUTELY NO
> GOOD to make your own PTR records.  You would have to force the owner
> of the parent zone to delegate to you - which so far is hard enough to
> do even if you are the correct delegatee!  ;-)

Perhaps I was oversimplifying when I referred to spammers "making their
own PTR records". I meant, of course, "get the proper delegations, set up
the proper zones, put the proper PTR records in them and serve them out to
the general public"...

> Our biggest uses of PTR records are to track down internal problems [and
> problem users], and to notify external sites when problems start
> happening which appear to be coming from their sites.  If you ever want
> me to be able to trace a site of yours that has been hacked by someone
> else, and to be able to notify you, I would continue to keep your PTR
> records current.  ;-)  Especially since 'whois' on IP addresses doesn't
> seem to be being kept up very well.

I see this as an argument for improving the netblock WHOIS database, not
as an argument for trying to perpetuate the maintenance of reverse DNS. As
I've pointed out in other posts, netblock WHOIS is generally more useful
for these purposes, since it includes contact information, inherently
knows about CIDR, etc. Reverse DNS just isn't as well suited to the task.


- Kevin