Is it too much to ask for a broadband supplier to get forward and reverse DNS registrations for their own addresses right?
$ who
jw35 pts/0 2010-08-09 19:32 (81.98.240.47)
$ dig +short -x 81.98.240.47
cpc2-cmbg4-0-0-cust814.know.cable.virginmedia.com.
$ dig +short cpc2-cmbg4-0-0-cust814.know.cable.virginmedia.com
81.98.243.47
Result: OpenSSH restriction based on hostname fails because the client hostname can't be established and I waste an hour trying to debug the problem.
Actually it's worse than that:
$ dig +short -x 81.98.243.47
cpc2-cmbg4-0-0-cust814.cmbg.cable.virginmedia.com.
$ dig +short cpc2-cmbg4-0-0-cust814.cmbg.cable.virginmedia.com
81.98.243.47
Argh!
Update 2010-08-10: It looks as if the problem may be resolving. The authoritative name servers for 240.98.81.in-addr.arpa (ns[1,2,3,4].virginmedia.net) seem to be serving consistent results:
$ dig +short +norecurse @ns1.virginmedia.net -x 81.98.240.47
cpc2-cmbg4-0-0-cust46.cmbg.cable.virginmedia.com
$ dig +short +norecurse @ns1.virginmedia.net cpc2-cmbg4-0-0-cust46.cmbg.cable.virginmedia.com
81.98.240.47
Unfortunately they serve this information with 7-day TTLs, and it's going to be several more days before the bogus information is finally purged from DNS server caches.
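The check that was failing above is a forward-confirmed reverse DNS lookup: the PTR name is only trusted if it resolves back to the connecting address. The following is an added example, not code from the original post or from OpenSSH; the names `fcrdns` and `check` and the stub dictionaries are this example's own, and the stub records are constructed from the dig answers shown in the post so that it runs offline.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup through the system resolver; None if there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (name, reason); name is None unless the PTR name maps back to ip."""
    name = reverse(ip)
    if not name:
        return None, "no PTR record"
    name = name.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    if not addrs:
        return None, f"{name} has no address records"
    if ipaddress.ip_address(ip) not in addrs:
        got = ", ".join(sorted(str(a) for a in addrs))
        return None, f"{name} maps to {got}, not {ip}"
    return name, "forward-confirmed"

# Constructed stub data: the answers shown in the post, so this runs offline.
VM = "cable.virginmedia.com"
STALE_PTR = {"81.98.240.47": f"cpc2-cmbg4-0-0-cust814.know.{VM}.",
             "81.98.243.47": f"cpc2-cmbg4-0-0-cust814.cmbg.{VM}."}
STALE_A = {f"cpc2-cmbg4-0-0-cust814.know.{VM}": ["81.98.243.47"],
           f"cpc2-cmbg4-0-0-cust814.cmbg.{VM}": ["81.98.243.47"]}
FIXED_PTR = {"81.98.240.47": f"cpc2-cmbg4-0-0-cust46.cmbg.{VM}"}
FIXED_A = {f"cpc2-cmbg4-0-0-cust46.cmbg.{VM}": ["81.98.240.47"]}

def check(ip, ptr, a):
    """Run fcrdns() against dict-backed stub resolvers instead of live DNS."""
    return fcrdns(ip, reverse=ptr.get, forward=lambda n: a.get(n, []))

if __name__ == "__main__":
    print(check("81.98.240.47", STALE_PTR, STALE_A))  # cached, inconsistent data
    print(check("81.98.243.47", STALE_PTR, STALE_A))  # the neighbouring address
    print(check("81.98.240.47", FIXED_PTR, FIXED_A))  # authoritative servers
```

Calling `fcrdns(ip)` with no other arguments uses the system resolver, so it reports what a cache with the stale 7-day records would still hand to the server.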
Monday, 9 August 2010