Monday, 9 August 2010

If only Virgin Media were competent...

Is it too much to ask for a broadband supplier to get forward and reverse DNS registrations for their own addresses right?

$ who
jw35 pts/0 2010-08-09 19:32 (81.98.240.47)
$ dig +short -x 81.98.240.47
cpc2-cmbg4-0-0-cust814.know.cable.virginmedia.com.
$ dig +short cpc2-cmbg4-0-0-cust814.know.cable.virginmedia.com
81.98.243.47


Result: OpenSSH restriction based on hostname fails because the client hostname can't be established and I waste an hour trying to debug the problem.

Actually it's worse than that:

$ dig +short -x 81.98.243.47
cpc2-cmbg4-0-0-cust814.cmbg.cable.virginmedia.com.
$ dig +short cpc2-cmbg4-0-0-cust814.cmbg.cable.virginmedia.com
81.98.243.47


Argh!

Update 2010-08-10: It looks as if the problem may be resolving. The authoritative name servers for 240.98.81.in-addr.arpa (ns[1,2,3,4].virginmedia.net) seem to be serving consistent results:
 

$ dig +short +norecurse @ns1.virginmedia.net -x 81.98.240.47
cpc2-cmbg4-0-0-cust46.cmbg.cable.virginmedia.com
$ dig +short +norecurse @ns1.virginmedia.net cpc2-cmbg4-0-0-cust46.cmbg.cable.virginmedia.com
81.98.240.47


Unfortunately they serve this information with 7 day TTLs and it's going to be several more days before the bogus information if finally purged from DNS server caches.