[afnog] reverse dns implications

Fri Apr 11 09:51:39 UTC 2008

Hi,

For a matter of fact AfriNic does not actually need to force a policy on downstream providers to implement reverse delegation on DNS servers, the ISP's themselves will be forced by a number of factors from the customers and clients themselves i.e 

Customer Mail servers would require the reverse DNS in case the ISP allocates the customer a public IP address for their local mail server.This not only helps combat spam but also makes it easier for the Mail host to be found by other domains, other wise mails would be rejected by those other domains the mail server sends email to.

Second customers need this DNS server services any how and if AfriNic is allocating a down stream provider say a /22 IPv4 block,
reverse delegation is also done via the my.afrinic.net customer page in correspondence with the providers DNS servers. This is important because
also while allocating clients IP addresses for use, you've to reverse delegate the IP subnet block. That is how we do it as an ISP and our clients
are very much happy.

Cheers
Maina Noah

----- Original Message ----
From: SM <sm at resistor.net>
To: Makan SIMAGA <msimaga at bvg-mali.org>; afnog at afnog.org
Sent: Thursday, April 10, 2008 10:02:16 PM
Subject: Re: [afnog] reverse dns implications

At 05:48 10-04-2008, Makan SIMAGA wrote:
>A lot of customers who manage their own Internet domains and mail 
>server have this problems and their servers are often blacklisted.
>Personally, I had in a past, a lot of problems with mail senders 
>unresolved reverse resolution.

A lot of mail servers reject connections originating from hosts 
without reverse DNS.

>Finally I accept all mails even if reverse resolution fail, and I'm 
>spammed to death.
>If reverse mappings management is made compulsory by AFRINIC to ISP, 
>it will be a very good thing and it resolve a lot of communication 
>problems with ours mail servers by permitting use of enforced rules 
>against spammers.

It would be good to have a practice where mail servers have proper 
reverse DNS.  That's for Afnog to push forward.

AfriNIC already does reverse DNS delegation.  I don't see how they 
could force a policy of reverse DNS on downstream providers.

>Problems arrived when some servers begun to be less cooperative by 
>considering asking to them to verify if sender mail exist, is a 
>threat! And they blacklist me or simply refuse to answer to my email 
>verification process.

Sender address verification (SAV) will get you blocked.

Regards,
-sm 

_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20080411/3a5626c9/attachment-0002.html>