[AusNOG] IPv6 reverse DNS and Mail ...

Noel Butler noel.butler at ausics.net
Wed May 22 08:06:50 EST 2013


On Tue, 2013-05-21 at 17:44 +1000, Mark Andrews wrote:


> 
> Actually the job is to let through legitimate email without letting
> through spam.  Mis-classification in either direction is bad.
> 


We agree on that, mail administration will forever be a fine-line
balancing act.
It's also for that very reason I refuse to have anything to do with
these "hardware" anti-spam devices, the two most common ones (without
naming them I'm sure you know who) have both been plagued by misdirected
rules on many occasions.


> > quick look at yesterday on just one box
> > 5xx Reject unknown client host              45.71%
> >
> > That's a rather large chunk of trash that amavisd doesn't have to look
> > at
> 
> It's also potentially a large number of potential false positives.
> 


Potential? Yes, but due to the number of (or should I say lack thereof)
complaints, the reality is very different.



> > True, so when you're configuring postfix, dovecot, apache, whatever,
> > configure bind, edit your details in your provider's portal if you're not
> > authoritative, or a home or small business user can ask their ISP to set
> > PTR, yes, I know, my bad for suggesting somebody actually do some
> > work :)
> 
> Which requires ISPs to delegate or support updating PTR records.
> Technically that is easy.  Getting ISPs to accept that they need
> to do it is a different thing.  There may not be an ISP in your
> area that supports it for residential customers on DSL/Cable or
> are you saying that residential customers should be forced back
> to dialup modem?
> 


OK, so for residential customers, well, how many mail servers do you
want on your home LAN? I dunno bout you, but I only need one (my sec's
are off-site of course), so there is only one box with one IP for their
MX they need to make sure has complete DNS, so, why does what they have
been doing for the past twenty years with reverse DNS at home have to
change? I have had a personal PTR for my home IP for over ten years (to be
fair, exclude 4 of them, since I was in charge of DNS at an ISP and
could add/change it myself) but of the residential DSL SPs I've used I
had no trouble getting custom PTRs, I did have to pay one of them a
once off small and reasonable fee, and another ISP a recurring small
fee, my current ISP cost me nothing more than an Email - So again, why
does that need to change, someone has to take the time to change it, or,
develop the interface to let the end users change it, be it IPv4, IPv6,
and whatever succeeds it.



> >
> >
> > If they have not learnt from IPv4 days, there is little hope now.
> 
> With IPv4 you can take all the IPv4 address space delegated to
> you, create a PTR for each address and serve it using stock
> nameservers.  Doing that with IPv6 is impossible.
> 

That's only because bind's GENERATE option was not changed to work with
IPv6, I've to be honest never used anything else, did try DJB
abomination at one stage many years back but that didn't last too long I
can assure you LOL, but who knows, when IPv6 becomes in serious use,
powerdns might make it happen, or your colleagues who I know are not
keen on the idea now, may change their mind as well.

At less than 1% global IPv6 utilisation I can understand why no-one's too
interested, likely playing the wait and see game.
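
Added example, not part of the original message or of any project named in the thread: a sketch of the forward-confirmed reverse DNS test that an "unknown client host" rejection rests on, applied to IPv4 and IPv6 clients, plus the record count that makes pre-populating PTRs for an IPv6 prefix impractical. The zone data, host names and function names are constructed for illustration, and dictionaries stand in for real DNS lookups so it runs offline.

```python
import ipaddress

# Constructed sample data (documentation prefixes), standing in for live DNS.
PTR = {
    ipaddress.ip_address("2001:db8::25").reverse_pointer: ["mx1.example.net."],
    ipaddress.ip_address("2001:db8::99").reverse_pointer: ["mail.example.org."],
    ipaddress.ip_address("192.0.2.25").reverse_pointer: ["mx1.example.net."],
}
FWD = {
    "mx1.example.net.": ["2001:db8::25", "192.0.2.25"],
    "mail.example.org.": ["2001:db8::1"],  # forward record points elsewhere
}

def check_client(ip, ptr=PTR, fwd=FWD):
    """Return (verdict, detail) for a connecting client address.

    Accept only if the address has a PTR and at least one PTR name
    resolves back to the same address (forward-confirmed reverse DNS).
    """
    addr = ipaddress.ip_address(ip)
    # reverse_pointer yields in-addr.arpa or nibble-format ip6.arpa names
    names = ptr.get(addr.reverse_pointer, [])
    if not names:
        return ("reject", "no PTR for " + addr.reverse_pointer)
    for name in names:
        for a in fwd.get(name, []):
            # Compare parsed addresses so IPv6 text forms cannot mismatch
            if ipaddress.ip_address(a) == addr:
                return ("accept", name)
    return ("reject", "PTR %s does not resolve back to %s" % (names[0], addr))

def ptr_records_needed(prefix):
    """PTR records required to cover every address in a prefix."""
    return ipaddress.ip_network(prefix).num_addresses

if __name__ == "__main__":
    for ip in ("2001:db8::25", "192.0.2.25", "2001:db8::99", "2001:db8::dead"):
        print(ip, check_client(ip))
    print("IPv4 /24:", ptr_records_needed("192.0.2.0/24"))
    print("IPv6 /64:", ptr_records_needed("2001:db8::/64"))
```

A client with no PTR and a client whose PTR name does not map back to it are both rejected, which is why a mail host needs matching forward and reverse records whichever address family it connects from.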
