Is it too much to ask for a broadband supplier to get forward and reverse DNS registrations for their own addresses right?
jw35 pts/0 2010-08-09 19:32 (22.214.171.124)
$ dig +short -x 126.96.36.199
$ dig +short cpc2-cmbg4-0-0-cust814.know.cable.virginmedia.com
Result: OpenSSH restriction based on hostname fails because the client hostname can't be established and I waste an hour trying to debug the problem.
Actually it's worse than that:
$ dig +short -x 188.8.131.52
$ dig +short cpc2-cmbg4-0-0-cust814.cmbg.cable.virginmedia.com
Update 2010-08-10: It looks as if the problem may be resolving. The authoritative name servers for 240.98.81.in-addr.arpa (ns[1,2,3,4].virginmedia.net) seem to be serving consistent results:
$ dig +short +norecurse @ns1.virginmedia.net -x 184.108.40.206
$ dig +short +norecurse @ns1.virginmedia.net cpc2-cmbg4-0-0-cust46.cmbg.cable.virginmedia.com
Unfortunately they serve this information with 7 day TTLs and it's going to be several more days before the bogus information if finally purged from DNS server caches.