[NCSA-discuss] Host naming convention

Steven Champeon schampeo at hesketh.com
Tue Jun 10 11:26:40 EDT 2008


on Tue, Jun 10, 2008 at 11:11:33AM -0400, Steve.Clark at wolseley.com wrote:
> We are going through a review of host naming conventions and it has
> sparked some lively discussions between architecture, design, and
> operations.  To break it down simply here; one side proposes an ultimate
> in generic approach with no meaning attached to the name where all
> pertinent information is contained within a configuration database
> (CMDB). Any process would use the CMDB to drive meaning into the host; the
> 2nd side proposes using some meaning even if it means that not all
> pertinent information can be contained within the host name, i.e., it's
> valuable to know that you are working on a test LINUX machine right from
> the name. 
> 
> The number of nodes is from 100's to 1000's depending on area. 
> 
> I'm curious to know what has worked from your perspective. 

I run a project (enemieslist) that catalogues rDNS naming conventions as
regular expressions, and classifies them in terms of various attributes
such as dynamic/static and whether they're dialup/dsl/cable/etc. This
data is licensed to various antispam companies and is used by them to
score the likelihood of a given host being a bot in a zombie botnet.

I can say that if you're an ISP, and you expect your customers to
have their mail delivered, you'll want to give them custom (i.e., not
generic, provider-assigned) rDNS for their mail server(s). Same goes
for if you're a private corporate entity; generic rDNS is becoming a
real strong indicator of either incompetence or malice when it is seen
trying to send mail, among other activities. 

Finally, if at all possible, use the first subdomain to the left of
your domain to indicate dynamic/static assignment (rather than using
the first token on the left, or using other tokens in between - this
makes it easy to have a single substring to reject mail from dynamics
in your domain, rather than dozens or even hundreds).

e.g.:

 1-2-3-4.rdu.nc.dyn.example.net is better than

 dyn-1-2-3-4.rdu.nc.example.net or

 1-2-3-4.dyn.rdu.nc.example.net

and

 mail01.example.org

is going to be a better PTR for example.org's mailhost than

 1-2-3-4.cust.static.example.net

where example.net is the ISP. And be warned that simply saying an IP
is statically assigned as part of the rDNS isn't going to help much;
we see nearly as much abuse from obvious statics as obvious dynamics.
Seems some people don't know how to secure their NATs. :/

But that's the limit to my experience or concern with generic rDNS :)

HTH,
Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
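
The suffix rule from the message above, as an added example that is not part of the original post and is not enemieslist code: with the dynamic marker as the label immediately left of the domain, one suffix test covers every dynamic host, while the other two layouts fall through to per-pattern matching. The function names, the `DYNAMIC_LABELS` set and the embedded-octet regex are assumptions made for illustration; the host names are the ones used in the post.

```python
import re

# Assumed marker set; the post uses "dyn" as its dynamic label.
DYNAMIC_LABELS = {"dyn"}

# Simplified stand-in for a "generic rDNS" pattern: four IPv4-like octets
# joined by '-' or '.' somewhere in the name.
_OCTETS = re.compile(r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")


def assignment_label(ptr, domain):
    """Return the label immediately left of `domain` in `ptr`, or None."""
    ptr = ptr.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    if not ptr.endswith("." + domain):
        return None
    left = ptr[: -(len(domain) + 1)]
    return left.rsplit(".", 1)[-1] if left else None


def looks_generic(ptr):
    """True if the name embeds something that parses as an IPv4 address."""
    m = _OCTETS.search(ptr)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())


def classify(ptr, domain):
    """'dynamic' if the single suffix rule fires, 'generic' if the name only
    embeds an address (needs its own pattern), otherwise 'custom'."""
    if assignment_label(ptr, domain) in DYNAMIC_LABELS:
        return "dynamic"
    if looks_generic(ptr):
        return "generic"
    return "custom"


if __name__ == "__main__":
    samples = [  # host names taken from the post
        ("1-2-3-4.rdu.nc.dyn.example.net", "example.net"),
        ("dyn-1-2-3-4.rdu.nc.example.net", "example.net"),
        ("1-2-3-4.dyn.rdu.nc.example.net", "example.net"),
        ("mail01.example.org", "example.org"),
        ("1-2-3-4.cust.static.example.net", "example.net"),
    ]
    for ptr, domain in samples:
        print(f"{ptr:35} {classify(ptr, domain)}")
```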

