[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Lame Delegation gone too far???
- Subject: Re: [cobalt-users] Lame Delegation gone too far???
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Tue Apr 4 10:58:34 2000
- Organization: nobaloney.net
I've just read some knowledgeable responses that didn't really answer
your question, some bad responses, and at least one downright
off-the-wall response, so I thought I'd answer.
If you remove the reverse DNS all that'll happen is that is IP# won't
resolve. If you're doing name-based hosting, hopefully you've set up
DNS properly, and you've only got ONE PTR record for the IP#, and it
points back to you, which is what you should do if you're doing
name-based hosting.
If you're doing IP#-based hosting and you're doing reverse DNS for his
IP# or even IP#ss, and no-one else is using those IP#s, then you should
reverse them to hisdomain.com for each IP#. Not <host.hisdomain.com>,
because he's running on YOUR system (host), not his own. Again, if
you're doing this properly you should only have ONE PTR record for each
IP#.
If you remove his IP# from reverse DNS (go ahead and do it; he'll be
quite sorry), all that'll happen is that his IP# won't resolve, so it'll
take him a lot longer to telnet and/or ftp into his account, and some
search engines will have trouble listing his sites.
He can set up his own reverse records for his IP# all over the net, and
no one will find them; they can only be found by traversing the
in-addr.arp domain (bet you don't even know what that is <smile>. And
that either points to you or your upstream (depending on whether or not
your upstream ever delegated reverse DNS authority to you; again, do you
even know?). So no one in the world will ever find those reverse DNS
records.
Ignore the guy. He doesn't know what he's talking about. Unless of
course he asks you to delegate authority to him for his IP# or IP#s.
Our policy is not to delegate reverse DNS to anyone unless they ask for
it, and unless they have at least a C-block from us. We of course can
and do make exceptions, but that's our general rule.
However, there's not much he can do, even with reverse DNS; as others
have pointed out, the browser will end up either at your main site (if
you use name-based hosting, in which case you don't even have an IP# to
give him reverse authority on), or his main site. Only you can point
other people to their own subsites.
The main thing he can do with it is, if he's a spammer, he can set
reverse DNS to point back to someone else, who will then get a lot of
spam complaints; that happened to me a few weeks ago.
Let him do what he wants. If he's got a C-block let him have reverse
DNS if he wants it, and if you know how to delegate it. If he wants to
be removed from your reverse DNS zone file you can point out that it's
not your policy, or do it. NBD (no big deal).
Jeff
abcwebspace wrote:
> Hi
>
> I have a customer who hosts with us, lets say abc.com, who has just asked
> us to remove the reverse look-up from abc.com because he has set up a
> records at granitecanyon.com (a free name server service I think)for another
> domain name for this IP number to point to!! So, okay it's early morning
> here in the UK but this guy is ripping off my IP's - yeah??? Maybe I,m wrong
> but using granitecanyons name servers and system he could set up as many
> names as he wants pointing to this one IP number for which he has paid to
> host one domain name on - abc.com?? When I check this guys site he is
> setting up opensrs to register names etc and using granitecanyons name
> servers and maybe using my IP for his domain forwarding!!! If anyone has any
> experience of dealing with this it would be much appreciated. Okay if none
> of this made sense I'm blaming the coffee!!!
>
> thanks
> Gary
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205