Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!rpi!bu.edu!cs.bu.edu!ckd
From: ckd@cs.bu.edu (Christopher Davis)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: PTR records of gateways on the Internet
Message-ID:
Date: 10 Jan 91 20:38:58 GMT
References: <1991Jan9.195641.17628@slcs.slb.com> <71990@bu.edu.bu.edu>
Sender: news@bu.edu.bu.edu
Organization: 1000000011000101, Inc.
Lines: 56
In-reply-to: kwe@bu-it.bu.edu's message of 10 Jan 91 18:55:09 GMT

Kent> == Kent England

Kent> One of the nicest features of the inverse mapping of the
Kent> backbone IP addresses is that traceroute will give you a nice
Kent> name for the NSS interface as you traverse the Internet. You
Kent> will be able to figure out where your path goes. It is an
Kent> excellent argument for having intelligible gateway interface
Kent> names throughout the Internet.

Kent> For those who run the backbone, one of the nicest features of
Kent> the lack of an A record for that name is that there is less
Kent> likelihood that people will pour pings, telnet, ftp, and mail
Kent> messages at the gateways. They still can, but it must be to an
Kent> IP address and not a name.

Kent> All in all a nice compromise, in my opinion.

Except that (1) SunOS 4.1's gethostbyaddr wants an A record for added security against DNS spoofing (admirable, but non-optimal when you just want whatever PTRs are out there...), and (2) there ARE A records out there, for the other interfaces. Example:

; <<>> DiG 2.0 <<>> Ann_Arbor.MI.NSS.NSF.NET
;; [...]
;; Ann_Arbor.MI.NSS.NSF.NET, type = A, class = IN
;; ANSWERS:
Ann_Arbor.MI.NSS.NSF.NET.    14400    A    35.1.1.50

but...

; <<>> DiG 2.0 <<>> -x
;; [...]
;; 8.81.140.129.in-addr.arpa, type = ANY, class = IN
;; ANSWERS:
8.81.140.129.in-addr.arpa.    9726    PTR    Ann_Arbor.MI.NSS.NSF.NET.
[...]

In other words, neither half of the compromise is being served. The NSF isn't "secured" from people pounding on the NSSes, and I don't get symbolic names from traceroute without compiling with a different -lresolv (read: not Sun's).

I'm not sure both sides *can* be served given the situation, but "They" should definitely choose one or the other...

(Aside: doing a PTR lookup on the A record returned for "Ann_Arbor.MI.NSS.NSF.NET" gets me... "nss17.merit.edu". Consistency in the backbone does not seem to be a particular priority...

--
[ Christopher Davis - - <..!bu.edu!cs.bu.edu!ckd> ]
A message destined for delivery in *your* domain is fair game for anything you may want to do, up to and including translating the entire message, header and all, into Swahili. -- chip@tct.uucp (Chip Salzenberg)
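
The A-record cross-check mentioned in the post, as an added example (not part of the original post and not Sun's resolver code): it runs a forward-confirmed reverse lookup over the records quoted above and shows why 129.140.81.8 yields no name under that check. The host.example records and the function names are constructed for illustration; the post shows no A record for nss17.merit.edu, so none is included.

```python
# Added example: forward-confirmed reverse DNS (not code from the post).
import ipaddress

# PTR and A data transcribed from the dig output and the aside in the post.
PTR = {
    "8.81.140.129.in-addr.arpa.": ["Ann_Arbor.MI.NSS.NSF.NET."],
    "50.1.1.35.in-addr.arpa.": ["nss17.merit.edu."],
    # Constructed record (not in the post): a host whose two maps agree.
    "10.2.0.192.in-addr.arpa.": ["host.example."],
}
A = {
    "ann_arbor.mi.nss.nsf.net.": ["35.1.1.50"],
    "host.example.": ["192.0.2.10"],  # constructed
}


def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def forward_confirm(ip, ptr=PTR, a=A):
    """Split the PTR names for ip into (confirmed, rejected).

    A name is confirmed only if its own A records include ip, which is
    the cross-check the post attributes to SunOS 4.1's gethostbyaddr.
    """
    confirmed, rejected = [], []
    for name in ptr.get(reverse_name(ip), []):
        addrs = a.get(name.lower(), [])  # DNS names compare case-insensitively
        (confirmed if ip in addrs else rejected).append(name)
    return confirmed, rejected


if __name__ == "__main__":
    for ip in ("129.140.81.8", "35.1.1.50", "192.0.2.10"):
        ok, bad = forward_confirm(ip)
        print(f"{ip}: confirmed={ok} rejected={bad}")
```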