[Pdns-users] Reverse Lookup zone subnetted

bryantz-pdns at zktech.com bryantz-pdns at zktech.com
Fri Jul 19 15:15:50 UTC 2019 

Brian

Thank you again for your response, and also thank you for yesterday pointing me to the support in open policy for the group. 
Currently I don't have any evidence as I have not done the packet captures. 

Two of the three outside parties complaining claim their servers look up the authoritative name servers for the domain in the email address and then their systems dig for reverse lookup against these name servers. 

It seems out of spec. but I have 2 parties saying this is normal and how it has been done for years. The third is showing the same behavior, but has not stated why they think it is occurring yet.  I have asked them for more information and they have side they will get it to us. I will look to do some packet captures as well. 

My guess is our previous servers were running bind and look like they may have allow recursive lookups for any requests to the reverse zones. I am looking into the configs to see how they were pulling that off with the rest of recursion being blocked. Unfortunately the guy who set up our bind servers left several years ago. 

Thanks
Bryant

----------------------------------------
From: Brian Candler <b.candler at pobox.com>
Sent: 7/19/19 11:00 AM
To: bryantz-pdns at zktech.com, pdns-users <pdns-users at mailman.powerdns.com>
Subject: Re: [Pdns-users] Reverse Lookup zone subnetted
On 19/07/2019 15:52, bryantz-pdns at zktech.com wrote:
> Where we are getting into issues is that customers we host e-mail
> servers for are having issues as some email service providers appear
> to be forcing their reverse lookups directly against our powerdns servers.

Can you provide your evidence for that assertion?  Do you have packet
captures?

I can't see any way they could know about your nameservers, unless they
followed the in-addr.arpa delegation which ended up with your CNAME.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190719/3d734011/attachment.html>

More information about the Pdns-users mailing list