also sprach dman <dman@dman.ddts.net> [2002.03.27.1557 +0100]: > | true. and it's not an excuse. it means that the provider is just > | another one of those that doesn't know what they're doing. DNS is > | bloody simple, it's amazing how many (influential) parties get it > | wrong. > > I don't know how knowledgeable or not the provider is. I have no > contact with them. The IPs my employer is actually using have proper > reverse DNS, but the admin had to tell the provider what entries he > wanted. He wasn't using his whole IP block, so he didn't specify > reverse DNS for the unused IPs. Now one of those IPs is being used. with or without permission? if with, then have your admin tell them to set the reverse. you should get a cool domainname first, or i'll give you a subdomain of pantsfullofunix.net if you wish. that's an opportunity you shouldn't miss, and for which you could even spend some bucks administrative fees. it's very cool and fun to have your own IP, which resolves to your own FQDN hostname!!! > | too much trouble. get your provider to do it right and your problems > | are history. > > Since I'm only certain I'll be here for another 7 weeks, it's not > worth the hassle of getting a third party to update the records, then > re-update them when I'm gone. I _may_ be here longer, and I might not > be. ah, now that changes the perspective... > I do understand people who reject hosts with no reverse DNS and I > can't really give any argument against it. I wonder how much good it > actually does, though, since my DSL line (back at home) had a reverse > lookup. i don't really understand them, other than they are refusing to cooperate with the machines of people who don't know their stuff. i have chosen not to reject if the reverse and forward don't map simply because my ratio of false positives to actual spam was bad, causing me to loose legit email, but YMMV. > Not a particularly useful name, but it does have matching A and PTR > records. I guess my point in saying this is that blocking based on > following DNS standards doesn't necessarily block open relays on DSL > connections. nope, that's what the various RBL lists are for. then again, before providers hand out static IPs they could at least ensure that the people running that machine know what they are doing too. your DSL provider understood the principle behind DNS it seems, it wouldn't be difficult for him to run periodic relay tests and to warn-then-kick customers that can't do it right. i realize that this is harsh, but even though debian doesn't require *that* much expertise to put up a full-fledged public server doesn't mean that everybody gets to do what they want. i am *pissed* at the amount of spam i get from US DSL providers, and if i could, i'd block them all (save speakeasy.net)! -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck dazed and confused, but trying to continue.
Attachment:
pgpGNO2fMKjtS.pgp
Description: PGP signature