Project

General

Profile

Actions

tickets #13806

closed

reverse mapping of 130.57.5.70 (opensuse.org).

Added by pjessen over 7 years ago. Updated about 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
2016-09-19
Due date:
% Done:

0%

Estimated time:

Description

I brought this up on the heroes mailing list in August, maybe it was forgotten or it was decided it didn't matter -

https://lists.opensuse.org/heroes/2016-08/msg00007.html

opensuse.org is 130.57.5.70, which reverse maps to a whole list:

;; ANSWER SECTION:
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.com.tr.
70.5.57.130.in-addr.arpa. 28714 IN PTR netiq.co.jp.
70.5.57.130.in-addr.arpa. 28714 IN PTR novell.kr.
70.5.57.130.in-addr.arpa. 28714 IN PTR novell.info.
70.5.57.130.in-addr.arpa. 28714 IN PTR icecore.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR icecore.org.
70.5.57.130.in-addr.arpa. 28714 IN PTR kablink.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR icecorps.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR senforce.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR sitescape.biz.
70.5.57.130.in-addr.arpa. 28714 IN PTR sitescape.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR sitescape.net.
70.5.57.130.in-addr.arpa. 28714 IN PTR redirector.novell.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR workloadiq.co.uk.
70.5.57.130.in-addr.arpa. 28714 IN PTR go-evolution.org.
70.5.57.130.in-addr.arpa. 28714 IN PTR novell-cebit.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR powerconvert.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR betterdesktop.org.
70.5.57.130.in-addr.arpa. 28714 IN PTR tagtechnologies.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR mktg.novell.com.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.ae.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.al.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.br.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.co.za.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.dk.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.ee.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.gl.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.gr.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.hu.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.lv.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.mk.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.no.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.biz.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.com.br.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.com.gr.
70.5.57.130.in-addr.arpa. 28714 IN PTR suse.com.pl.

That's just not a proper DNS setup. It's not really important when it's
not a mailserver or doesn't use TLS, but a reverse map should only have
one result.

RFC1912 doesn't exactly describe the issue, but Section 2.1 does say "Make sure your PTR and A records match."
From a DNS point of view, having multiple PTR records for one address is perfectly valid,
it just doesn't work as expected.
The main thing is the client doing the reverse lookup, postfix or a
browser for instance. They only use one result, the first one. I
have seen this often enough with postfix.

http://serverfault.com/questions/618700/why-multiple-ptr-records-in-dns-is-not-recommended
(the first two answers).

https://en.wikipedia.org/wiki/Reverse_DNS_lookup#Multiple_pointer_records

If it were me, I would map 130.57.5.70 to "suse.com", that's all. Or
maybe "novell.com". Funny, neither one is in the current list of
PTRs :-)

Actions #1

Updated by tampakrap over 6 years ago

  • Assignee set to tampakrap
  • Private changed from Yes to No

meanwhile:

# host opensuse.org
opensuse.org has address 130.57.5.70
opensuse.org has IPv6 address 2001:67c:2178:8::19
opensuse.org mail is handled by 42 mx2.suse.de.

# host 130.57.5.70
70.5.57.130.in-addr.arpa domain name pointer attachmategroup.net.
70.5.57.130.in-addr.arpa domain name pointer redirector.novell.com.

# host attachmategroup.net  
attachmategroup.net has address 130.57.5.70

# host redirector.novell.com 
redirector.novell.com has address 130.57.66.19

I will file a ticket to MF-IT to remove redirector.novell.com from the PTR records

Actions #2

Updated by tampakrap over 6 years ago

ignore my previous comment, the results are different from the reality (as they come from the internal MF DNS servers)

Actions #3

Updated by tampakrap about 6 years ago

  • Status changed from New to Rejected

so MF-IT is not willing to do the change, as it will create other issues. Unfortunately I can't mention more on a public ticket, feel free to ping me on a non-public medium if you need further details

Actions

Also available in: Atom PDF