Date:      Wed, 22 Nov 2000 11:09:27 -0000
From:      Daniel Bye <Daniel.Bye@uk.uu.net>
To:        'Zero Sum' <count@shalimar.net.au>, questions@FreeBSD.ORG
Subject:   RE: Demonic Naming service.
Message-ID:  <FB7CAC781DB6D311BEE800805FE6FADA2F4DB1@camexch4.cam.uk.internal>

Not all IPs have reverse DNS set up.  Whether or not a given address can
be resolved backwards through DNS depends on who owns the CIDR block that
it comes from, and on their policy with regard to reverse DNS.  Generally,
mail servers have reverse DNS configured, but there is no reason (except
manners and convenience) to do the same for ALL addresses in a given net-
range.

If the owner of the CIDR block religiously sets up reverse DNS, all is
good.  However, many ISPs leave this decision to the individual customer-
and it then becomes their responsibility to look after the reverse DNS.

So, just because you can't resolve an IP address to a name doesn't mean 
that it is spoofed (incidentally, are they logged as TCP connections?  If
so, it is very hard to spoof TCP connections, because of the need for
acknowledgement packets after each data packet...).  All it means is that
the authority that owns the CIDR block, or the authority that owns the 
net block, hasn't set up reverse DNS, for whatever reason.

Dan.

-----Original Message-----
From: Zero Sum [mailto:count@shalimar.net.au]
Sent: 22 November 2000 10:57
To: questions@FreeBSD.ORG
Subject: Demonic Naming service.




Please enlighten;

I have looked up IPs I found in my firewall logs and, no surprise, some of 
them do not reverse resolve.  No surprise, faked IP, presumably.  BUT, I 
can traceroute and ping the IPs.  So they must exist.  My conclusion; I 
have something stuffed in my DNS.

Is my conclusion correct?  Is my reasoning correct?

I've just noticed that my machine has had an smtp conversation with an 
unresolvable host "202.98.16.1".  Ethereal shows a normal mail conversation 
(w/out going inside the packets).

Does that confirm I have a bum DNS setup?  Or since my ISP couldn't resolve 
it, does it confirm that their DNS is stuffed?

Geoff
-- 
count@shalimar.net.au
Nihil curo de ista tua stulta superstitione


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
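
Added example, not part of either message above: a Python sketch that sorts logged addresses by reverse-DNS state, so that "no PTR record published" is kept apart from "my resolver failed". It goes one step beyond the thread by also forward-confirming any PTR name it finds. The function name `classify`, the fake lookup tables and the addresses (documentation ranges) are constructed for illustration; the h_errno numbering is assumed to follow the usual netdb.h values.

```python
import socket

# h_errno codes carried in socket.herror.args[0] (assumed netdb.h numbering)
HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA = 1, 2, 3, 4

def _forward(name):
    """Addresses that a host name resolves to (forward lookup)."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def classify(ip, reverse=socket.gethostbyaddr, forward=_forward):
    """Return (state, ptr_name) for one address taken from a firewall log."""
    try:
        name = reverse(ip)[0]
    except socket.herror as e:
        # Authoritative "no such record": the block owner never set up a PTR.
        if e.args[0] in (HOST_NOT_FOUND, NO_DATA):
            return ("no-ptr", None)
        # TRY_AGAIN / NO_RECOVERY: the lookup itself failed, check the resolver.
        return ("resolver-error", None)
    except OSError:
        return ("resolver-error", None)
    try:
        addrs = forward(name)
    except socket.gaierror:
        return ("ptr-unconfirmed", name)
    # A PTR name only counts as confirmed if it maps back to the same address.
    return ("confirmed" if ip in addrs else "ptr-unconfirmed", name)

# Constructed offline data standing in for real DNS answers.
PTR = {"192.0.2.25": "mail.example.net", "198.51.100.7": "host7.example.org"}
A = {"mail.example.net": {"192.0.2.25"}, "host7.example.org": {"203.0.113.9"}}

def fake_reverse(ip):
    if ip == "203.0.113.53":
        raise socket.herror(TRY_AGAIN, "temporary resolver failure")
    if ip not in PTR:
        raise socket.herror(HOST_NOT_FOUND, "unknown host")
    return (PTR[ip], [], [ip])

def demo():
    ips = ["192.0.2.25", "198.51.100.7", "192.0.2.99", "203.0.113.53"]
    return {ip: classify(ip, fake_reverse, A.__getitem__)[0] for ip in ips}

if __name__ == "__main__":
    for ip, state in demo().items():
        print(f"{ip:15} {state}")
```

Calling `classify(ip)` with the default arguments uses the system resolver instead of the constructed tables.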

