Re: [tlug] mail(): Received (may be forged) question

[Sam Tilders <sam@example.com>]

On Mon, 7 Apr 2003 13:22, Jean-Christian Imbeault wrote:
> Sam Tilders wrote:
> > $ host 219.118.175.244
> > Name: ns.tokyo-av-land.com
> > Address: 219.118.175.244
> >
> > It looks like the name isn't in the DNS, but the reverse is.
>
> I don't know much about DNS but ... how is this possible. How can the
> reverse be in the DNS but not the name?

The reverse DNS zone is 175.118.219.in-addr.arpa, the forward zone is 
tokyo-av-land.com. They are managed separately and can even be hosted by 
different NS servers, as seems to be the case here.

dig ns 175.118.219.in-addr.arpa
and
dig ns tokyo-av-land.com
will show what I mean.


> But what I don't understand is where the name ns.tokyo-av-land.com
> coming from? Is some DNS server somewhere sending wrong (outdated)
> information?

Where I  showed the "host 219.118.175.244" command above you can see that the 
answer was "ns.tokyo-av-land.com". The DNS servers for the reverse domain 
"175.118.219.in-addr.arpa" which includes that ip address 219.118.175.244 
have that name, ns.tokyo-av-land.com in the zone.

> If I can figure out why a reverse lookup of my ip gives the wrong FQDN
> then maybe I can get this fixed?

The SMTP server accepting the mail only knows who is sending it by looking up 
the name associated to the IP address in the reverse zone. It does some 
validation by checking the name forwards to see if it comes up with the same 
answer. If they don't match, that causes the "may be forged".

Putting an entry in the forward zone, for 
ns.tokyo-av-land.com=219.118.175.244, will probably sort this out.

Either that or contacting the admin of the reverse zone and getting them to 
change the name listed in the reverse to something matching the forward 
lookup.

-- 
--
Sam Tilders
sam@example.com