
Reverse DNS RFCs and Recommendations



I've been (probably needlessly) poring over the Reverse DNS RFCs for long enough to actually have questions about a subject that should be relatively unimportant. I do want to make sure that we set up our reverse DNS correctly and most efficiently the first time so that we don't irritate other network operators with difficult regex-based filtering ( http://www.gossamer-threads.com/lists/nanog/users/113633 ) and we don't have to change things as per a recommendation down the road.

RFC draft-msullivan-dnsop-generic-naming-schemes-00.txt states:

   When using IP addresses in host names, their numbers SHOULD be
   separated by '.'s (dots) rather than any meta character such as a '-'
   (dash) and expressed in decimal.  Host names SHOULD NOT use the '_'
   (underscore) character, host names for hosts with any form of SMTP
   mail service MUST NOT use the '_' (underscore) character.  It is
   preferable to use the IP address in reverse format in the same way
   the IN-ADDR.ARPA. domain is defined.

Now, since it is only a first-revision draft, I'm taking what it has to say with a grain of salt, and it seems it has taken quite a bit of criticism on forums. I'm also not singling out Time Warner, WOW, Comcast or Charter for their naming conventions, nor do I think they are bad; I'm just using them as examples because they are local, well-known ISPs.

Actual Examples:
cpe-67-XX-XX-XX.stny.res.rr.com - 67.XX.XX.XX
d28-XX-XX-XX.dim.wideopenwest.com - 28.XX.XX.XX
c-68-XX-XX-XX.hsd1.mi.comcast.net - 68.XX.XX.XX
24-XX-XX-XX.static.bycy.mi.charter.com - 24.XX.XX.XX

*Most ISP reverse DNS hostnames (from what I've observed) seem to use the dash "-" character with the forward format, as opposed to the reverse IN-ADDR.ARPA. dotted scheme recommended in the draft.
*Comcast and Charter both have geographic furthest-right-hand tokens.
*Charter, WideOpenWest, Time Warner, and Comcast all have some acronym that is not immediately clear, at least to me (HSD - High Speed Data?, BYCY - Bay City, MI?, DIM - Dynamic IP Mapping?, STNY - Southern Tier New York?).

Which finally brings me to my questions:
It seems like the unspoken de facto standard that mail admins appreciate, given the IP 203.0.113.15, is "203-0-113-15.[type].[static/dynamic].yourdomain.tld". This seems perfectly acceptable: it's short, detailed and to the point. Is there really anything bad about this?

What, if anything, would you name a network, gateway, or broadcast address? Should the PTR be empty?

<tinfoilhat> I've seen a lot about naming what type of technology it is (wireless, adsl, cable, etc.) in order to filter out the "high speed spammers". It seems to me that this would open up the likelihood of a targeted attack. We've all heard of security through obscurity, and of course no one relies on it, but we have to face the fact that there are CVEs every day for various networking hardware/firmware. If an attacker can query DNS and find out that the IP is for wireless, they could filter all wireless gear exploits. Is this still a good practice given the abundance of high speed data connections, or is this just opening yourself up to reconnaissance?</tinfoilhat>

There is a Merit Network mailing list discussion that outlines most of what I've read that can be found here ( http://www.merit.edu/mail.archives/nanog/msg06843.html )

Nolan Rollo
VoIP Engineer
Main: 517.223.3610x114
Fax: 517.223.4120
www.kw-corp.com
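The dash-separated forward-order scheme the post asks about ("203-0-113-15.[type].[static/dynamic].yourdomain.tld"), the regex-based filtering mail admins apply to such names, and the technology-token reconnaissance concern can all be exercised with one small script. The example below is added here and is not code from the original post or from any of the ISPs named in it. It assumes a hypothetical operator domain example.net, uses the RFC 5737 documentation block 203.0.113.0/24 as its input, leaves the network and broadcast addresses without a PTR (an assumption, one of the possible answers to the question above), and uses constructed regexes that merely resemble the kind of "dynamic-looking hostname" patterns mail admins use, not the actual patterns from the linked NANOG thread.

```python
import ipaddress
import re

# Assumption: a made-up operator domain, not from the original post.
DOMAIN = "example.net"


def ptr_name(ip: str) -> str:
    """in-addr.arpa owner name for an IPv4 address (no trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer  # "15.113.0.203.in-addr.arpa"


def dashed_hostname(ip: str, kind: str, alloc: str, domain: str = DOMAIN) -> str:
    """Forward-order, dash-separated generic name: 203-0-113-15.cable.static.example.net"""
    return f"{ip.replace('.', '-')}.{kind}.{alloc}.{domain}"


def generate_zone(network: str, kind: str, alloc: str, domain: str = DOMAIN):
    """Build matching PTR and A records for every host address in `network`.

    Returns (ptr_records, a_records) as (owner, type, rdata) tuples with
    absolute (dot-terminated) names.  ip_network.hosts() skips the network
    and broadcast addresses of a /24, so those get no PTR (assumption).
    """
    net = ipaddress.ip_network(network, strict=True)
    ptr_records, a_records = [], []
    for host in net.hosts():
        ip = str(host)
        name = dashed_hostname(ip, kind, alloc, domain)
        ptr_records.append((ptr_name(ip) + ".", "PTR", name + "."))
        a_records.append((name + ".", "A", ip))
    return ptr_records, a_records


def render_zone(records) -> str:
    """Zone-file text for a list of (owner, type, rdata) tuples."""
    return "\n".join(f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records)


def build_tables(ptr_records, a_records):
    """Index records by owner name so lookups mimic what a resolver would return."""
    ptr_table, a_table = {}, {}
    for owner, _, target in ptr_records:
        ptr_table.setdefault(owner, []).append(target)
    for owner, _, addr in a_records:
        a_table.setdefault(owner, []).append(addr)
    return ptr_table, a_table


def fcrdns_ok(ip: str, ptr_table, a_table) -> bool:
    """Forward-confirmed reverse DNS: some PTR target of `ip` must resolve back to `ip`."""
    owner = ptr_name(ip) + "."
    return any(ip in a_table.get(target, []) for target in ptr_table.get(owner, []))


# Constructed patterns in the spirit of mail-admin "generic/dynamic PTR" filters.
# They are illustrative only, not the patterns from the referenced thread.
GENERIC_PTR_PATTERNS = [
    # an IPv4 address embedded with dots or dashes, optionally with a letter prefix
    re.compile(r"(^|[.-])[a-z]{0,4}\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}([.-]|$)", re.I),
    # allocation / access-technology tokens commonly treated as "not a real mail host"
    re.compile(r"(^|[.-])(dyn|dynamic|dhcp|pool|ppp|dsl|adsl|cable|wireless|res)([.-]|$)", re.I),
]

# Tokens that reveal access technology to anyone who can query a PTR.
TECH_TOKENS = {"wireless", "wifi", "adsl", "dsl", "cable", "fiber", "fibre", "lte", "dialup", "ppp"}


def looks_generic(hostname: str) -> bool:
    """True if the name would trip a typical dynamic/generic-PTR regex filter."""
    return any(p.search(hostname) for p in GENERIC_PTR_PATTERNS)


def exposed_technology(hostname: str) -> set:
    """Access-technology labels an outside party can read straight out of the PTR."""
    return {tok for tok in re.split(r"[.-]", hostname.lower()) if tok in TECH_TOKENS}


if __name__ == "__main__":
    ptrs, fwd = generate_zone("203.0.113.0/24", "cable", "dynamic")
    print(render_zone(ptrs[:3]))
    print(render_zone(fwd[:3]))
    pt, at = build_tables(ptrs, fwd)
    host = dashed_hostname("203.0.113.15", "cable", "dynamic")
    print(host, "fcrdns:", fcrdns_ok("203.0.113.15", pt, at),
          "generic:", looks_generic(host), "tech:", exposed_technology(host))
```

The important property to verify before publishing is the round trip (PTR target resolves back to the address); the generic-name check shows that the scheme in the question is exactly what those filters are built to match, and `exposed_technology` makes concrete what an outside party learns from a single PTR query when the access type is encoded in the name.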