On 15 Oct 2015, at 13:15, Joseph Brennan wrote:
> What is Softlayer up to now?
>
> It had looked like a safe bet to score something for a hostname ending
> "static.reverse.softlayer.com", on the assumption that legitimate
> senders would get the PTR changed to their own domain.
>
> There's always the exception, and I was asked to "whitelist" host
> 169.54.207.231. It's used by a legitimate company that did not change
> the PTR. The interesting thing is that I found that sometime this
> morning its PTR and A records were changed as follows:
>
> old: 169.54.207.231-static.reverse.softlayer.com
> new: e7.cf.36a9.ip4.static.sl-reverse.com.
>
> Hex conversion: 231, 207, 54, 169.
>
> I don't know how pervasive this is. Obviously it evades pattern match
> on the IP address being part of the name, and packing together the
> last two hex strings also makes it a little harder to parse. It also
> evades block by domain name, until we notice.
>
> Other than that I don't see the purpose to this change.

1. It's more rational. Having a '231-static' zone and subzones to hold 1
A record out of each /24 block that SL owns (which is a LOT) and 255
siblings (maybe 511, if there are '$LASTOCTET-dynamic' zones also) makes
no sense and makes PTR delegation to customers screwy. Putting the
octets in proper hierarchy order makes much more sense.

2. It clearly includes consideration of IPv6 deployment, which the old
model would be entirely unfit for. That's *probably* the main motivator.
IPv6-only hosting is coming sooner rather than later.

3. 7 fewer bytes per IPv4 name. If you think that does not matter, you
don't do enough DNS to care. SL surely does enough DNS to care.

Evading email blocking isn't even on a big provider's list of priorities
when coming up with new naming practices. It's unlikely that anyone at
SL would have thought at all about how this sort of change would
interact with 3rd-party mail filtering tactics.
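
Added example, not part of the original message: a Python sketch of how a mail filter could recognise both naming schemes quoted in the thread and recover the embedded address, so a rule keyed on "the PTR encodes the client IP" keeps working after the rename. Both patterns are inferred from the single pair of names in the thread, two-digit zero-padded hex per octet is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# Patterns inferred from the one old/new pair quoted in the thread.
# Assumption: the new scheme always uses two lowercase hex digits per octet.
OLD_RE = re.compile(
    r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})-static\.reverse\.softlayer\.com")
NEW_RE = re.compile(
    r"([0-9a-f]{2})\.([0-9a-f]{2})\.([0-9a-f]{2})([0-9a-f]{2})"
    r"\.ip4\.static\.sl-reverse\.com")


def embedded_ipv4(ptr_name):
    """Return the IPv4Address encoded in a generic PTR name, or None."""
    # Normalise: PTR answers may carry a trailing dot and mixed case.
    name = ptr_name.strip().rstrip(".").lower()
    m = OLD_RE.fullmatch(name)
    if m:
        # Old scheme: dotted decimal, already in a.b.c.d order.
        octets = [int(g) for g in m.groups()]
    else:
        m = NEW_RE.fullmatch(name)
        if not m:
            return None
        # New scheme: labels run d, c, then b and a packed into one label,
        # so reversing the captured groups yields a.b.c.d.
        octets = [int(g, 16) for g in reversed(m.groups())]
    if any(o > 255 for o in octets):
        return None
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def is_generic_ptr(client_ip, ptr_name):
    """True when the PTR is a provider-generated name for this same address."""
    decoded = embedded_ipv4(ptr_name)
    return decoded is not None and decoded == ipaddress.IPv4Address(client_ip)


if __name__ == "__main__":
    # The two names quoted in the thread.
    for ptr in ("169.54.207.231-static.reverse.softlayer.com",
                "e7.cf.36a9.ip4.static.sl-reverse.com."):
        print(ptr, "->", embedded_ipv4(ptr))
```

Comparing the decoded address with the connecting IP, rather than matching on the domain suffix alone, avoids scoring a host whose operator set a custom PTR under the same zone.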