Doug Barton wrote: > ... However, in general: > > 1. Anyone can put anything in a PTR record. There is no safe > assumption that the content is accurate.
s/anyone/the owner of the netblock/ implication: you can trust that an IN-ADDR.ARPA or IP6.ARPA PTR reflects the will of the netblock owner, though "trust" is a continuum not an absolute -- you'd be unwise to trust large sums of money to a DNS assertion unless it's also covered by valid DNSSEC signatures. > 2. In my experience (which is not thorough, but also not zero) > anti-spam folks are completely uninterested in what's in the PTR, and > generally do not do any blacklisting by domain name in the sense you > seem to mean. this is just wrong. many of us use PTR patterns to decide whether to ignore the PTR because it was machine-generated, and/or treat it as "dynamic" or "dialup". several anti-spam initiatives use PTR content to populate blackhole lists or other rejection filters. because of the practice of rejecting some connections if there is no PTR, it is now common practice to create low-information-content (low-value) PTR's which are themselves a signal of likely wrongdoing. vixie _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
