Reverse DNS: Is it necessary?

Nate Duehr nate at natetech.com
Mon Mar 19 04:56:31 UTC 2001 

On Sun, Mar 18, 2001 at 08:53:12AM -0500, James A Griffin wrote:
> Please let the list know who your ISP is.  They need help.
> 
> It is this sort of technical incompetence and inadequate service that
> gives government regulators ammunition for plans they might have for
> bring Internet ISPs under some sort of "certified carrier" regulation. 
> Is that what they want?


Nice FUD.  What government would that be?  The U.S. Government?  I bet
there are a few other countries who wouldn't care how the DNS namespace
is run.  Not to mention that the average politician couldn't find an IP
address from ... <fill in the blank>.  So who in the government would
want this "certification" and who in the rest of the world would care?

Give us a break.

LKembel, is your web host providing you your own IP address or are they
putting other customers on the same webserver at the same IP.  If so, I
can fully understand why they wouldn't put a PTR record in for the IP
address.

Usually it's done in direct relation to how much you PAID for the
service.  :-)  Low price, multi-hosted virtual server, low speeds, high
latency, shared IP.  As the price goes up, the service gets better --
as in many things.

Yes, reverse entries are considered "proper" use of the DNS namespace,
however most layer 7 applications that require it are falsely assuming
that a reverse lookup cannot be spoofed or altered.  It's extremely poor
"security", and in most cases unnecessary queries are created that add
unnecessary load to DNS servers for information that is worthless.

That said, I keep my reverses set up correctly and in-line with best
practice.  Might as well.

And I see a lot of unnecessary in-addr-arpa lookups on my nameservers
too.  :-)

> Studio 51 wrote:
> > 
> > I asked my web host to fix the lack of reverse DNS for the domains they host
> > for me, they told me that thier nameservers don't support reverse DNS. Is
> > this considered a misconfiguration? It's a dedicated host that will be
> > running a spider program, so I would think that many hosts would try to
> > perform a reverse DNS lookup on the spider, which will fail because of this.
> > Are there any other areas this is likely to affect?
> > 
> > I thought reverse DNS was a standard part of properly setting up a
> > nameserver, am I wrong?

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.

More information about the bind-users mailing list