Re: rDNS naming conventions (was: Re: SORBS Contact)
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote:

redundancy bigisp-foo-bar-baz.dyn.bigisp.net.

Worst among those who actually provide rDNS in SE Asia is probably tm.net.my, who name all of their customer PTRs 'tm.net.my'. Hm. Maybe encoding the IP in the PTR

There's at least one Vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs.

--
Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: rDNS naming conventions (was: Re: SORBS Contact)
On Thu, Aug 10, 2006 at 10:21:45AM -0400, Steven Champeon wrote:
on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote:
On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote:

This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name.

Fair enough. FWIW, I've seen a wide variety of naming schemes (I've got a project that collects these as an antispam/anti-botnet measure, and so far we've got around 16K conventions documented for 11K domains).

first... as a draft, it carries ZERO weight. -IF- it becomes an RFC, its targeted status is INFORMATIONAL, e.g. no standard of any kind. So no one is going to -force- you to implement it.

hum... why does this draft remind me of the (in)famous WKS RR?

what is WKS? you know, that RR type that specified the well known services running on/at the particular label. WKS was deprecated, in part due to the fact that black hats would use WKS to groom their attack profiles. Use of the conventions outlined in this draft would be very useful in building targeted attacks. To paraphrase Randy Bush, I encourage all my competition to implement these guidelines.

--bill
Re: rDNS naming conventions (was: Re: SORBS Contact)
At 15:47 + 8/10/06, [EMAIL PROTECTED] wrote:
On Thu, Aug 10, 2006 at 10:21:45AM -0400, Steven Champeon wrote:
on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote:
On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote:

http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name.

Fair enough. FWIW, I've seen a wide variety of naming schemes (I've got a project that collects these as an antispam/anti-botnet measure, and so far we've got around 16K conventions documented for 11K domains).

first... as a draft, it carries ZERO weight. -IF- it becomes an RFC, its targeted status is INFORMATIONAL, e.g. no standard of any kind. So no one is going to -force- you to implement it.

hum... why does this draft remind me of the (in)famous WKS RR?

what is WKS? you know, that RR type that specified the well known services running on/at the particular label. WKS was deprecated, in part due to the fact that black hats would use WKS to groom their attack profiles. Use of the conventions outlined in this draft would be very useful in building targeted attacks. To paraphrase Randy Bush, I encourage all my competition to implement these guidelines.

Piling on here ...

The effort is to infer the intent of a packet based on ancillary data. The twin dangers here are inference of intent and exposure of the ancillary data.

The first part is like asking would I want to have security research done by a company on Glenwood Road or on Shady Lane? (Ya, know shady in security.) Legend has it that one research company moved its location because of this, or maybe it was a joke that came afterwards.

The second part is what ancillary data is exposed. You can require, you can request, or you can assume you won't get the data you need. Sometimes you won't get it because the giver doesn't want the headache of providing it or because the giver is afraid of the ancillary data going to nefarious uses.

My point is that inferring intent based on incomplete data is faulty, but it seems to be useable in real life. However, once heuristics get encoded in deterministic algorithms, the results generally are not so good - mostly because the encoding of the heuristics fails.

The answer is to include things like RFC 3514, (Note the pub date.) or ancillary data. But the solution of adding ancillary data may be worse than the disease.

This is just one of the hard problems.

--
Edward Lewis +1-571-434-5468
NeuStar

Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time catching on in North America.
Re: rDNS naming conventions (was: Re: SORBS Contact)
on Thu, Aug 10, 2006 at 08:55:37PM +0530, Suresh Ramasubramanian wrote:
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote:

redundancy bigisp-foo-bar-baz.dyn.bigisp.net.

Worst among those who actually provide rDNS in SE Asia is probably tm.net.my, who name all of their customer PTRs 'tm.net.my'. Hm. Maybe encoding the IP in the PTR

There's at least one Vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs.

IIRC, that was fpt.vn; they replaced 'localhost' with the incredibly useful:

    adsl-pool-xxx.fpt.vn
    adsl-fix-xxx.fpt.vn
    dialup-xxx.fpt.vn
    adsl-dynamic-pool-xxx.fpt.vn
    \d+-\d+-\d+-xxx-dynamic.hcm.fpt.vn
    host-\d+-xx.hcm.fpt.vn
    \d+-\d+-\d+-xxx-dynamic.hcm.fpt.vn

Yes, the 'xxx's are literals. e.g.,

    $ host 210.245.14.143
    143.14.245.210.in-addr.arpa domain name pointer dialup-xxx.fpt.vn.

Or it may have been hnpt.com.vn, who replaced it with e.g.,

    adsl.hnpt.com.vn

Again, not terribly useful for tracking leakage via NATs.

    $ host 203.210.213.149
    149.213.210.203.in-addr.arpa domain name pointer adsl.hnpt.com.vn.

But hey, at least they *have* rDNS, I suppose that's something.

I agree that judgements based entirely on rDNS are troublesome. So, too, are the side effects of chemotherapy. But we're trying to save the patient before the miracle cures arrive, and right now email is very, very sick indeed. And rDNS is a useful tool especially in a scoring-based environment.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
rambling, amusements, edifications and suchlike: http://interrupt-driven.com/
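Added example, not part of the thread or of any poster's project: a small classifier for the PTR styles discussed above (localhost, generic names with no address in them, names that encode the IP), plus a check for PTR names shared by several addresses. The category names, weights and the 192.0.2.x records are assumptions made for illustration; IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict

# Access-pool keywords taken from the PTR names quoted in the thread.
GENERIC = re.compile(r"(?:^|[.-])(adsl|dialup|dyn|dynamic|pool|host)(?=[.-]|$)")

# Hypothetical score contributions; a real filter would tune these.
WEIGHTS = {"localhost": 3.0, "generic-unencoded": 2.0, "ip-encoded": 1.0, "opaque": 0.0}

def reverse_name(ip):
    """Owner name queried for the PTR, e.g. 143.14.245.210.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def encodes_ip(ip, name):
    """True if every octet of the IPv4 address appears as a number in the name."""
    numbers = {int(n) for n in re.findall(r"\d+", name)}
    return all(int(octet) in numbers for octet in ip.split("."))

def classify(ip, ptr):
    name = ptr.rstrip(".").lower()
    if name == "localhost":
        return "localhost"
    if encodes_ip(ip, name):
        return "ip-encoded"
    if GENERIC.search(name):
        return "generic-unencoded"
    return "opaque"  # nothing can be inferred from the name alone

def shared_ptrs(records):
    """PTR names answered for more than one address: no use for tracing a host."""
    seen = defaultdict(set)
    for ip, ptr in records:
        seen[ptr.rstrip(".").lower()].add(ip)
    return {name for name, ips in seen.items() if len(ips) > 1}

# The first four pairs are the lookups quoted in the thread; the rest are constructed.
RECORDS = [
    ("210.245.14.143", "dialup-xxx.fpt.vn."),
    ("203.210.213.149", "adsl.hnpt.com.vn."),
    ("203.160.1.3", "localhost."),
    ("203.160.1.35", "localhost."),
    ("192.0.2.10", "tm.net.my."),                   # constructed address
    ("192.0.2.11", "tm.net.my."),                   # constructed address
    ("192.0.2.77", "192-0-2-77.dyn.example.net."),  # constructed, IP-encoded name
]

if __name__ == "__main__":
    shared = shared_ptrs(RECORDS)
    for ip, ptr in RECORDS:
        kind = classify(ip, ptr)
        print(reverse_name(ip), ptr, kind, WEIGHTS[kind], ptr.rstrip(".") in shared)
```

A bare name such as tm.net.my cannot be flagged from its text alone, which is why the shared-name check works from the collected records instead.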
Re: rDNS naming conventions (was: Re: SORBS Contact)
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote:
on Thu, Aug 10, 2006 at 08:55:37PM +0530, Suresh Ramasubramanian wrote:

There's at least one Vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs.

IIRC, that was fpt.vn; they replaced 'localhost' with the incredibly useful:

There seem to be a couple in the area that do it:

As of 5 minutes ago:

    % dig +short -x 203.160.1.3 -x 203.160.1.35
    localhost.
    localhost.

    inetnum: 203.160.0.0 - 203.160.1.255
    netname: VNPT-VNNIC-VN
    country: VN