Reverse address entries

[Sam Wilson]

In article <mailman.737.1372773227.20661.bind-users at lists.isc.org>,
 Daniel McDonald <dan.mcdonald at austinenergy.com> wrote:

> On 7/2/13 8:42 AM, "Sam Wilson" <Sam.Wilson at ed.ac.uk> wrote:
> 
> > There may be a subtle language thing going on here.  I read the original
> > post above as saying, literally, "you need PTR records because various
> > software tries to match A and PTR records".  It doesn't say "you need
> > PTR records because some systems require PTR records (and if you have
> > them they will also need to match the A records)".  PTR records are nice
> > but they aren't a general requirement.
> > 
> > Can anyone here give examples of the types of various software that will
> > not operate without a PTR record?
> 
> I've had trouble with OSI-Soft PI historian without reverse entries.  If
> there is no reverse, then the PI software would spend about 30 seconds
> looking in vain for a DNS answer before sending a SYN-ACK packet.  Since the
> embryonic timer on a Cisco firewall is usually 20 seconds, the sessions
> would simply not come up. I've seen similar things with openssh.

That seems fairly weird.  If there is no DNS entry then that should be 
determinable in the same time as getting a valid entry.  If there's 
broken DNS resolution that's much more likely to cause the 30s timeout, 
which is very likely due to the system trying to log the name of the 
incoming client.

> The other place reverse DNS is routinely queried is SMTP.  If you care
> enough to send mail, you should care enough to set up your reverse entries
> realistically so that spam filters will recognize that you are trying to
> actively manage your email server and this isn't mail from a BOT...

Routine query, yes; refusal of service based (solely?) on lack of a PTR 
record is not, so far as I can tell, widespread.

Sam

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.