From owner-freebsd-questions Wed Nov 22 3:16:34 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from boat.mail.pipex.net (our.mail.pipex.net [158.43.128.75]) by hub.freebsd.org (Postfix) with SMTP id 41E0B37B4CF for ; Wed, 22 Nov 2000 03:16:31 -0800 (PST)
Received: (qmail 5079 invoked from network); 22 Nov 2000 11:16:29 -0000
Received: from mailhost.puck.pipex.net (HELO mailhost.uk.internal) (194.130.147.54) by our.mail.pipex.net with SMTP; 22 Nov 2000 11:16:29 -0000
Received: (qmail 9370 invoked from network); 22 Nov 2000 11:16:29 -0000
Received: from camgate2.cam.uk.internal (172.31.6.21) by mailhost.uk.internal with SMTP; 22 Nov 2000 11:16:29 -0000
Received: by camgate2.cam.uk.internal with Internet Mail Service (5.5.2650.21) id ; Wed, 22 Nov 2000 11:15:17 -0000
Message-ID:
From: Daniel Bye
To: 'Zero Sum' , questions@FreeBSD.ORG
Subject: RE: Demonic Naming service.
Date: Wed, 22 Nov 2000 11:09:27 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Not all IPs have reverse DNS set up. Whether or not a given address can be
resolved backwards through DNS depends on who owns the CIDR block that it
comes from, and on their policy with regard to reverse DNS. Generally, mail
servers have reverse DNS configured, but there is no reason (except manners
and convenience) to do the same for ALL addresses in a given net-range.

If the owner of the CIDR block religiously sets up reverse DNS, all is good.
However, many ISPs leave this decision to the individual customer - and it
then becomes their responsibility to look after the reverse DNS.

So, just because you can't resolve an IP address to a name doesn't mean that
it is spoofed (incidentally, are they logged as TCP connections? If so, it
is very hard to spoof TCP connections, because of the need for
acknowledgement packets after each data packet...).
All it means is that the authority that owns the CIDR block, or the
authority that owns the net block, hasn't set up reverse DNS, for whatever
reason.

Dan.

-----Original Message-----
From: Zero Sum [mailto:count@shalimar.net.au]
Sent: 22 November 2000 10:57
To: questions@FreeBSD.ORG
Subject: Demonic Naming service.

Please enlighten;

I have looked up IPs I found in my firewall logs and, no surprise, some of
them do not reverse resolve. No surprise, faked IP, presumably. BUT, I can
traceroute and ping the IPs. So they must exist.

My conclusion; I have something stuffed in my DNS. Is my conclusion correct?
Is my reasoning correct?

I've just noticed that my machine has had an smtp conversation with an
unresolvable host "202.98.16.1". Ethereal shows a normal mail conversation
(w/out going inside the packets). Does that confirm I have a bum DNS setup?
Or since my ISP couldn't resolve it, does it confirm that their DNS is
stuffed?

Geoff
--
count@shalimar.net.au
Nihil curo de ista tua stulta superstitione

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
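
Added example, not part of the original thread: a small triage helper for firewall-log source addresses that treats a missing PTR record as "unknown" rather than "spoofed", and records whether a completed TCP handshake was seen. It goes one step beyond the reply by also checking whether an existing PTR name resolves forward to the same address. The function names, the log tuples and the offline DNS tables are constructed for illustration; only the address 202.98.16.1 comes from the thread.

```python
import ipaddress
import socket

# Constructed stand-in for DNS so the example runs offline (assumption, not real zone data).
PTR = {"10.2.0.192.in-addr.arpa": "mail.example.org",
       "7.100.51.198.in-addr.arpa": "host.example.net"}
A = {"mail.example.org": {"192.0.2.10"}, "host.example.net": {"198.51.100.8"}}

# Constructed log entries: (source IP, protocol, full TCP handshake observed).
SAMPLE_LOG = [("202.98.16.1", "tcp", True),    # the SMTP peer from the thread
              ("192.0.2.10", "tcp", True),
              ("198.51.100.7", "udp", False)]

def offline_ptr(ip):
    # reverse_pointer builds the in-addr.arpa name that a PTR query asks for.
    return PTR.get(ipaddress.ip_address(ip).reverse_pointer)

def offline_forward(name):
    return A.get(name, set())

def live_ptr(ip):
    # Same lookup against the system resolver; pass as ptr= to use real DNS.
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def live_forward(name):
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()

def classify(ip, proto, handshake, ptr=offline_ptr, forward=offline_forward):
    """Return (dns_status, spoofing_unlikely) for one logged source address."""
    name = ptr(ip)
    if name is None:
        dns = "no-ptr"        # block owner has not published reverse DNS
    elif ip in forward(name):
        dns = "confirmed"     # PTR name resolves back to the same address
    else:
        dns = "mismatch"      # PTR exists but forward lookup disagrees
    # A completed handshake means the peer received our SYN-ACK at that address.
    return dns, (proto == "tcp" and handshake)

def triage(log=SAMPLE_LOG):
    return {ip: classify(ip, proto, hs) for ip, proto, hs in log}

if __name__ == "__main__":
    for ip, result in triage().items():
        print(ip, *result)
```
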