[AusNOG] IPv6 reverse DNS and Mail ...

Mark Smith markzzzsmith at yahoo.com.au
Wed May 22 07:17:55 EST 2013





----- Original Message -----
> From: Karl Auer <kauer at into6.com.au>
> To: ausnog at lists.ausnog.net
> Cc: 
> Sent: Tuesday, 21 May 2013 6:02 PM
> Subject: Re: [AusNOG] IPv6 reverse DNS and Mail ...
> 
> On Tue, 2013-05-21 at 17:06 +1000, Noel Butler wrote:
>>  quick look at yesterday on just one box 
>>  5xx Reject unknown client host              45.71%
>> 
>>  That's a rather large chunk of trash that amavisd doesn't have to
>>  look at
> 
> Except, of course, that you don't know it's all trash. Which is the
> point.
> 
>>  I know, my bad for suggesting somebody actually do some
>>  work :)
> 
> I don't think anyone disagrees with the fact that it is, in the great
> scheme of things, pretty easy to add a PTR record. Nonetheless, it may
> be hard for some legitimate senders, and more so as IPv6 ramps up, who
> you will then punish by dropping their emails.
> 
> The point I and others are trying to make is that making rDNS entries
> for this reason is basically makework - it is necessary ONLY to identify
> a mail server as one where somebody did that little bit of extra work. A
> sort of binary marker. It has no necessary technical functionality at
> all[1]. If as I expect (because it is happening already) IPv6 rDNS ends
> up fully synthesised, it will be a completely pointless marker.
> 

The other thing IPv6 does is make address space cheap and plentiful, to the point where people have been effectively lending out very large amounts of it (at least /64s) for free for more than a decade via IPv6 in IPv4 tunnels. If a spammer doesn't like the values of the PTRs that their ISP applies to the ISP-provided space, they should easily be able to get address space from a tunnel provider where they have control over PTR contents.


> Regards, K.
> 
> [1] This is not to say that rDNS has no use. It's cool from an
> informational point of view to be able to see who an address range
> "belongs" to, helpful in traceroutes and so forth. But it's not
> *necessary*.
> 

In my experience, traceroute just dumps to output the contents of the PTR, rather than verifying that there is a forward entry that corresponds to the PTR value - traceroute starwars wouldn't be possible without it. What this means is that the contents of the PTR are arbitrary, and may not reflect reality. You should only trust it when the party who is populating the PTR RRs has their own incentives to keep it accurate and make it reflect reality, and even then you're making assumptions about a party you have no trust relationship with. Fortunately, network operators do, because they use it for essential troubleshooting. Other people, even if they create PTRs, may not have as much of an incentive as long as things keep working. What amount of PTR validation do these anti-spam tools perform if the PTR is present?

> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer                                          tel  +61-2-64957435
> kauer at into6.com.au                                 mob  +61-428-957160
>                                         
> Into6 - IPv6 design, support, training                www.into6.com.au
> 
> GPG/PGP fingerprint: D8A4 A65A EE32 286F 1E36 55A4 0901 EEAF A785 1684
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
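Added example, not part of the original message: a forward-confirmed reverse DNS check, which separates "a PTR exists" from "the PTR's name resolves back to the connecting address". The zone data, host names and the `static_resolver` helper are constructed for illustration; a real deployment would pass in a DNS lookup function instead.

```python
import ipaddress

def rev(ip):
    """Reverse-lookup name (ip6.arpa / in-addr.arpa) for an address."""
    return ipaddress.ip_address(ip).reverse_pointer

# Constructed records using documentation prefixes and example names.
ZONE = {
    # PTR and AAAA agree.
    ("PTR", rev("2001:db8::25")): ["mail.example.net."],
    ("AAAA", "mail.example.net."): ["2001:db8::25"],
    # Arbitrary PTR value: the name exists but points somewhere else.
    ("PTR", rev("2001:db8:1::66")): ["vader.example.org."],
    ("AAAA", "vader.example.org."): ["2001:db8:ffff::1"],
    # Synthesised-style PTR whose forward record does point back.
    ("PTR", rev("2001:db8:2::1")): ["host-2001-db8-2--1.isp.example."],
    ("AAAA", "host-2001-db8-2--1.isp.example."):
        ["2001:0db8:0002:0000:0000:0000:0000:0001"],
}

def static_resolver(rtype, name):
    """Hypothetical offline resolver over ZONE (assumption for this example)."""
    return ZONE.get((rtype, name), [])

def fcrdns(client_ip, resolve=static_resolver):
    """Return (verdict, names); verdict is no_ptr, unconfirmed or confirmed."""
    addr = ipaddress.ip_address(client_ip)
    ptr_names = resolve("PTR", addr.reverse_pointer)
    if not ptr_names:
        return "no_ptr", []
    rtype = "AAAA" if addr.version == 6 else "A"
    confirmed = []
    for name in ptr_names:
        for text in resolve(rtype, name):
            try:
                forward = ipaddress.ip_address(text)
            except ValueError:
                continue  # ignore malformed answers
            if forward == addr:  # compare parsed addresses, not strings
                confirmed.append(name)
                break
    if confirmed:
        return "confirmed", confirmed
    return "unconfirmed", ptr_names
```

A "confirmed" verdict only shows that whoever controls the reverse zone also controls, or cooperates with, the forward zone; a sender with authority over both passes it, as does a fully synthesised rDNS scheme.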


