DNS serving IPs outside controlled range
I have a...friend, let's say...who operates a DNS server at a small ISP. In a few of the zone files, there are A records that resolve to IP addresses outside of the Class C that my..friend...controls. My friend has been told that this is "against the rules" and that it is "causing problems".

Questions:
- is resolving an A record outwith the delegated IP range "against the rules"?
- if so, is there any documentation of the rules?
- what potential problems could this cause to the network that contains the IP address to which the A records point?

Thanks for any advice.

Regards,
Stu
Wonder which rules he's quoting? :P

It's probably 'bad practice' to leave A records in place to a server that isn't wanting to see traffic destined to that hostname. But there are numerous instances of deliberately setting A records for a domain hosted in location X, to a server located in location Y.

If there are A records they're probably legacy, to some historic and once-valid server. Certainly if the administrator of a server somewhere sees someone putting A records into the DNS pointing at their box, I think it'd be fair to honour valid requests to have those A's removed - but there's no 'rule' I'm aware of around this.

I think it's much like other 'netiquette' issues and something which is not set in stone yet is expected as a matter of course online, being considerate to your fellow netizen, etc.

If the A records cause problems and the person administering the system in question is complaining, the right thing to do is pull the records. And whilst the 'victim' of the 'problems' is probably quite unhappy about unwanted traffic (it may be a DoS or costing them $) there's no obligation (other than moral) to do it. That said, if it is a DoS of some sort and you don't take reasonable actions to assist where you're in a position to do so, well, that's another set of risks in the eyes of the law... (Be glad we're not in the USA).

IMHO Only.

Mark.

On Tue, 22 Nov 2005, Stu Fleming wrote:
I have a...friend, let's say...who operates a DNS server at a small ISP. In a few of the zone files, there are A records that resolve to IP addresses outside of the Class C that my..friend...controls. My friend has been told that this is "against the rules" and that it is "causing problems".
Questions: - is resolving an A record outwith the delegated IP range "against the rules"? - if so, is there any documentation of the rules? - what potential problems could this cause to the network that contains the IP address to which the A records point?
Thanks for any advice. Regards, Stu
Stu Fleming wrote:
I have a...friend, let's say...who operates a DNS server at a small ISP. In a few of the zone files, there are A records that resolve to IP addresses outside of the Class C that my..friend...controls. My friend has been told that this is "against the rules" and that it is "causing problems".
Questions: - is resolving an A record outwith the delegated IP range "against the rules"? - if so, is there any documentation of the rules? - what potential problems could this cause to the network that contains the IP address to which the A records point?
If you mean you are responsible, for say, example.net, and you set up

this.example.net. IN A 192.0.2.1

and 192.0.2.1 is not one of your controlled IP addresses... you aren't breaking any rules as far as I've ever heard of.

The only circumstance I could see is where you are causing unwanted traffic (e.g. pointing MX or A to an MX host which doesn't want to relay for your domain, etc).

aj.
On Tue, 22 Nov 2005, Stu Fleming wrote:
I have a...friend, let's say...who operates a DNS server at a small ISP. In a few of the zone files, there are A records that resolve to IP addresses outside of the Class C that my..friend...controls. My friend has been told that this is "against the rules" and that it is "causing problems".
Questions: - is resolving an A record outwith the delegated IP range "against the rules"? - if so, is there any documentation of the rules?
No. Depends exactly what the DNS is being used for though. If you pointed www.dodgy.co.nz at 203.57.241.200 [1] for example then you might have the owner of that IP after you. However if the IP's owner doesn't mind there isn't anything wrong and even then it is probably okay.

If you are just pointing www.somedomain.co.nz at the web hosting company that is hosting somedomain's website then that is 100% normal and very common.
- what potential problems could this cause to the network that contains the IP address to which the A records point?
It depends what people use the records for really. I could create an A record off darkmere.gen.nz records for every IP in 202/7 but it would affect everybody. On the other hand if I set up an RBL (that people used) and put Ihug's mail server in it then it might cause a problem.

[1] One of the BNZ's web servers. DNS picked at random.

--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On 22-Nov-2005, at 02:02, Stu Fleming wrote:
I have a...friend, let's say...who operates a DNS server at a small ISP. In a few of the zone files, there are A records that resolve to IP addresses outside of the Class C that my..friend...controls. My friend has been told that this is "against the rules" and that it is "causing problems".
(a) "class C" is a historical term, and has no meaning on today's Internet.

(b) The data that any zone administrator installs in a zone is nobody else's business (at least, from a technical perspective; publishing a screener of the latest Harry Potter movie in TXT records might have legal consequences, however).

So:
Questions: - is resolving an A record outwith the delegated IP range "against the rules"?
No.
- if so, is there any documentation of the rules? - what potential problems could this cause to the network that contains the IP address to which the A records point?
In and of itself, none.

Joe
As previously mentioned, you're not breaking any rules and depending on
the circumstances it may be a perfectly correct thing to do.
The person with the "problem" may be miffed that a reverse lookup doesn't
resolve to your hostname even though you have an A record pointing at the
IP. Perhaps you should see what the PTR record for the IP address is. They
may want you to convert your A record to a CNAME for the hostname the
reverse lookup resolves to so that the A -> PTR mapping is 1 to 1 and all
other forward name resolutions are CNAMEs.
This may suit both of you fine or it may be a really bad idea depending on
circumstances.
Jono
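
The audit the replies above point towards, as an added example that is not part of any post in this thread: list the A records in a zone that fall outside the operator's own prefix and compare each with the PTR name of its target, which is the check Jono suggests before deciding between an A and a CNAME. The zone text, the prefix and the PTR table are constructed sample data using documentation ranges; the parser assumes one record per line with the owner name always present.

```python
import ipaddress

CONTROLLED = ipaddress.ip_network("192.0.2.0/24")  # constructed: the operator's own block

ZONE = """\
$ORIGIN example.net.
www     IN A      192.0.2.10
this    IN A      198.51.100.7   ; hosted elsewhere
mail    3600 IN A 192.0.2.25
shop    IN CNAME  web7.hosting.example.
old     IN A      203.0.113.9
"""

# Constructed reverse data, standing in for real PTR lookups.
PTR = {
    "192.0.2.10": "www.example.net.",
    "192.0.2.25": "mx1.example.net.",
    "198.51.100.7": "web7.hosting.example.",
}

def parse_a_records(zone_text):
    """Return (fqdn, IPv4Address) for every A record in the zone text."""
    origin, records = ".", []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # strip trailing comments
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1]
            continue
        rest = [t.upper() for t in tokens[1:]]     # skip the owner field
        if "A" not in rest:
            continue                               # CNAME, MX, etc.
        addr = tokens[rest.index("A") + 2]         # token after the type
        owner = tokens[0] if tokens[0].endswith(".") else f"{tokens[0]}.{origin}"
        records.append((owner.lower(), ipaddress.ip_address(addr)))
    return records

def audit(zone_text, controlled=CONTROLLED, ptr=PTR):
    """Flag A records outside `controlled` and compare each with its PTR name."""
    findings = []
    for name, ip in parse_a_records(zone_text):
        target = ptr.get(str(ip))
        status = ("no-ptr" if target is None
                  else "match" if target.lower() == name else "mismatch")
        findings.append({"name": name, "ip": str(ip), "ptr": target,
                         "external": ip not in controlled, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit(ZONE):
        where = "external" if f["external"] else "internal"
        print(f'{f["name"]:20} {f["ip"]:15} {where:9} {f["status"]:9} {f["ptr"]}')
```

An external record with status `mismatch` is the case where the PTR name is a candidate CNAME target; an external record with `no-ptr` is more likely a legacy entry worth confirming with whoever runs that address.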
Stu Fleming
participants (6)
- Alastair Johnson
- Joe Abley
- Jonathan.Woolley@alcatel.co.nz
- Mark Foster
- Simon Lyall
- Stu Fleming