[AusNOG] IPv6 reverse DNS and Mail ...
Mark Delany
g2x at juliet.emu.st
Mon May 20 16:25:56 EST 2013
On 20May13, Peter Tiggerdine allegedly wrote:
> So we should all just ignore RFC's because our largest trading partner
> decide they don't to play by the same rules as the rest of the world.. WTF?.
For some reason you think that all RFCs are perfect and are always
pragmatically based. Where did you get that idea from?
Geeks have been banging the "must have a reverse" drum for, what, 20
years now? The evidence is in, it's a lost cause because time-pressed
admins rarely waste their time on useless fluff that is a maintenance
headache.
> How exactly is it more difficult than forward records?
Well, for a start arranging the delegation of reverse can be a lot
more difficult. If your ISP doesn't do a good job, or doesn't want to
delegate you have zero recourse. Managing your forwards is completely
under your control and does not require co-operation from any upstream
delegation.
For seconds, nothing stops working if the reverses are missing or
wrong. Third, if they get out-of-date nothing knows or cares. Forth,
if you make completely bogus entries in your reverses, you make the
RFC Police happy, but what is that really achieving apart from
demonstrating basic scripting skills?
In any event, it's not a question of difficulty, it's a question of
cost/benefit. And as we see all the time, a lot of places don't
believe that one exists.
When you block on a missing reverse, you're mostly using that as a
proxy to recognize an overworked or under-trained admin or a
recalcitrant upstream provider. None of these have much bearing on
what is being run on that IP.
So I guess if your goal is to punish an overworked admin, continue to
block away.
The other problem is that spammers are well aware that a lack of
reverse is used by some naive filters, so guess what? They retry the
same payload to you from another IP if the first IP fails. They will
keep going until one of their IPs is accepted by you.
You may smugly think you've blocked them, and they smugly know that
they got to you via another route.
For those who believe that blocking an a lack of reverse truly stops
spam, how do you know it didn't show up some time later on an IP that
happens to have a reverse?
Mark.
More information about the AusNOG
mailing list