When You Get a New Subnet, Cleanse Thy rDNS

I have a couple of public subnets assigned to my physical rackspace as part of my consultancy. I lease a /27 and a /29 (and technically a /30, but that’s just for my top-of-rack firewall / router). Not a huge portion of the internet by any means, but it’s my little world of TCP/IP connectivity on the big, scary internets and I like to treat it preciously.

Of course, someone else in the past has had ownership of these addresses. Who? I don’t really know, nor do I care to know. I just care, to some minor extent, about the reputation of my IP addresses right now. I say “minor” because I’m not doing mail services from the servers, except for one that runs a forum and needs to send notifications of new posts and signups to the forum members. Other than that, it’s not a big deal unless I manage to snag a higher profile client that uses a range of IPs that have such a poor reputation that major blacklisting services are blocking access to the website or service… which seems unlikely for a gaggle of reasons.

One day recently I was doing a port and address audit on the internal and customer servers and appliances in my rack. I used a simple invocation of nmap to check and see if my syntax for passing an entire subnet was correct.

nmap -sL

To quote the nmap documentation:

-sL: List Scan – simply list targets to scan

What the man page doesn’t say explicitly is that, unless the -n option is selected along with -sL, a reverse DNS lookup is performed on each host that the invocation was given. Imagine my surprise when I saw a laundry list of unfamiliar DNS names associated with my subnet’s IP addresses. Apparently the previous users of the IP addresses in my subnet still had vestiges of their history in rDNS that had never been removed.

DNS is important, mmkay? Yes, theoretically with every host that occupies an IP address I should send a request to my datacenter to change the reverse records, but sometimes when testing and sandboxing, that doesn’t happen. Then when a mysterious problem crops up that could be due to rDNS not matching forward lookups, you send yourself to the hospital with a concussion from a devastating facepalm.

You can bet I’ll be contacting my datacenter about this little issue. In my opinion, this shouldn’t have happened at all. Maybe I’m picky, but I think customers should be handed netblocks that don’t have ghosts of their former owners haunting the premises.

Nevertheless, your homework right now is to nmap -sL your public IP subnets and see if all of your rDNS entries match with your expectations. Aaaaand… go! (I’d be curious to know what your experience is as well.)
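If you want to go one step past eyeballing the nmap -sL output, here is an added example (my own script, not code from the original post) that does the same walk over a netblock and applies the two checks a block owner actually cares about: does each PTR name look like one of ours, and does that name resolve forward to the same address (forward-confirmed reverse DNS). The 203.0.113.0/29 block, the consultancy.example / old-tenant.example names and the lookup tables are constructed sample data so the script runs offline; given a CIDR and an expected suffix on the command line it queries real DNS through the socket module instead.

```python
"""Reverse-DNS audit for a netblock: the check that nmap -sL prompts, done explicitly.

Added example, not code from the original post. For every address in a subnet it
looks up the PTR name, then checks:
  1. does the PTR name end in the domain suffix we expect for our own hosts?
  2. does the name resolve forward (A) to the same address?  (FCrDNS)
With no arguments it runs against constructed sample data so it works offline;
pass a CIDR and a suffix to query real DNS via the socket module.
"""
import ipaddress
import socket
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass
class RdnsFinding:
    ip: str
    ptr: Optional[str]   # PTR target, lower-cased, no trailing dot; None if no record
    suffix_ok: bool      # name ends in the suffix we expect for our own hosts
    forward_ok: bool     # name resolves back to this address


def audit_subnet(cidr: str, expected_suffix: str,
                 reverse_lookup: Callable[[str], Optional[str]],
                 forward_lookup: Callable[[str], Set[str]]) -> List[RdnsFinding]:
    """Walk every address in cidr (network and broadcast included, as nmap -sL does)."""
    suffix = expected_suffix.strip(".").lower()
    findings = []
    for host in ipaddress.ip_network(cidr, strict=False):
        ip = str(host)
        ptr = reverse_lookup(ip)
        if ptr is None:
            findings.append(RdnsFinding(ip, None, False, False))
            continue
        ptr = ptr.rstrip(".").lower()
        suffix_ok = ptr == suffix or ptr.endswith("." + suffix)
        forward_ok = ip in forward_lookup(ptr)
        findings.append(RdnsFinding(ip, ptr, suffix_ok, forward_ok))
    return findings


def summarize(findings: List[RdnsFinding]) -> Dict[str, List[str]]:
    """Group the addresses that need a ticket to the datacenter by what is wrong."""
    return {
        "ghost": [f.ip for f in findings if f.ptr is not None and not f.suffix_ok],
        "forward_mismatch": [f.ip for f in findings if f.ptr is not None and not f.forward_ok],
        "no_ptr": [f.ip for f in findings if f.ptr is None],
    }


# Live resolvers, used only when a CIDR is given on the command line.
def dns_reverse(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # herror / gaierror: no PTR or lookup failure
        return None


def dns_forward(name: str) -> Set[str]:
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except OSError:
        return set()


# Constructed sample data (documentation range and .example names, not real hosts).
SAMPLE_PTR = {
    "203.0.113.1": "fw.consultancy.example.",     # ours, forward matches
    "203.0.113.2": "web1.consultancy.example",    # ours, forward matches
    "203.0.113.3": "mail.old-tenant.example",     # ghost left by a previous owner
    "203.0.113.4": "forum.consultancy.example",   # ours, but the A record was never updated
}
SAMPLE_A = {
    "fw.consultancy.example": {"203.0.113.1"},
    "web1.consultancy.example": {"203.0.113.2"},
    "mail.old-tenant.example": {"198.51.100.7"},
    "forum.consultancy.example": {"203.0.113.9"},
}


def sample_audit() -> Dict[str, List[str]]:
    """Run the audit over the constructed /29 using the in-memory tables above."""
    findings = audit_subnet("203.0.113.0/29", "consultancy.example",
                            SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))
    return summarize(findings)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        result = summarize(audit_subnet(sys.argv[1], sys.argv[2], dns_reverse, dns_forward))
    else:
        result = sample_audit()
    for kind, ips in result.items():
        print(f"{kind}: {', '.join(ips) or '-'}")
```

The three buckets map to three different tickets: a “ghost” is a name from somebody else’s domain and needs the provider to delete or replace the PTR; a forward mismatch is usually your own forward zone being stale; no_ptr on an address that sends mail means a PTR still has to be requested. Network and broadcast addresses showing up under no_ptr is expected.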


  1. Craig Constantine

    February 10, 2014 at 11:30 am

    RFC 2317!

    Why not request your provider add a CNAME record in the reverse zones for every one of your addresses? (à la: CNAME to ip-1-2-3-4.ptrs.example.com ) Then you can manage your .ptrs.example.com zone and control reverse DNS as you like.


    • Wesley David

      February 10, 2014 at 12:35 pm

      Eeeenteresting. I’ve not heard of that. I’ll have to look into it.
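For readers who, like Wesley, have not run into this before: the scheme Craig describes is a variant of RFC 2317 classless in-addr.arpa delegation, which exists precisely because a /27 or /29 is smaller than the /24 that in-addr.arpa zones are cut at, so the provider cannot simply delegate the zone. The provider instead adds one CNAME per address pointing at a name the customer controls, and the customer publishes the PTRs there. Below is an added example (mine, not from the post or the commenters) that generates both halves of that setup for a block. It goes a little beyond the comment: besides Craig’s ip-1-2-3-4.ptrs.example.com style, it also emits the canonical RFC 2317 form, where the child zone is named after the block (0/29.113.0.203.in-addr.arpa) and delegated with an NS record. The 203.0.113.0/29 block and all consultancy.example names are constructed placeholders.

```python
"""Generate the records for delegating reverse DNS of a sub-/24 block to its owner.

Added example, not part of the original post or comments. Two flavours:
  * the commenter's scheme: the provider CNAMEs each in-addr.arpa name to
    ip-A-B-C-D.<ptr zone> in a forward zone the customer already runs;
  * the RFC 2317 form: the provider creates a child zone named like
    0/29.113.0.203.in-addr.arpa, delegates it to the customer's nameserver
    with an NS record, and CNAMEs each address into it.
All names, zones and the 203.0.113.0/29 block are constructed placeholders.
"""
import ipaddress
from typing import Dict, List


def _last_octet(host: ipaddress.IPv4Address) -> int:
    return host.packed[-1]


def rfc2317_subzone(cidr: str) -> str:
    """'203.0.113.0/29' -> '0/29.113.0.203.in-addr.arpa' (the RFC 2317 child zone name)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for IPv4 blocks smaller than a /24; "
                         "a /24 or larger is delegated as an ordinary in-addr.arpa zone")
    parent = net.network_address.reverse_pointer.split(".", 1)[1]   # '113.0.203.in-addr.arpa'
    return f"{_last_octet(net.network_address)}/{net.prefixlen}.{parent}"


def provider_cnames_forward_style(cidr: str, ptr_zone: str) -> List[str]:
    """Provider side, commenter's scheme: one CNAME per address into the customer's forward zone."""
    net = ipaddress.ip_network(cidr, strict=True)
    zone = ptr_zone.strip(".")
    return [f"{h.reverse_pointer}. IN CNAME ip-{str(h).replace('.', '-')}.{zone}." for h in net]


def provider_records_rfc2317(cidr: str, customer_ns: str) -> List[str]:
    """Provider side, RFC 2317: NS delegation of the child zone, then one CNAME per address."""
    net = ipaddress.ip_network(cidr, strict=True)
    sub = rfc2317_subzone(cidr)
    records = [f"{sub}. IN NS {customer_ns.strip('.')}."]
    records += [f"{h.reverse_pointer}. IN CNAME {_last_octet(h)}.{sub}." for h in net]
    return records


def customer_ptrs(cidr: str, names: Dict[str, str], ptr_zone: str = "") -> List[str]:
    """Customer side: PTR records for the addresses that have a host; unused addresses get none.

    With ptr_zone set, owner names are ip-A-B-C-D.<ptr_zone> (commenter's scheme);
    otherwise the RFC 2317 child zone is used.  Addresses absent from `names`
    deliberately get no PTR, which is how stale names from a previous tenant go away.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    sub = None if ptr_zone else rfc2317_subzone(cidr)
    records = []
    for h in net:
        name = names.get(str(h))
        if not name:
            continue
        owner = (f"ip-{str(h).replace('.', '-')}.{ptr_zone.strip('.')}." if ptr_zone
                 else f"{_last_octet(h)}.{sub}.")
        records.append(f"{owner} IN PTR {name.strip('.')}.")
    return records


# Constructed: the hosts that currently live in the block.
SAMPLE_NAMES = {"203.0.113.1": "fw.consultancy.example",
                "203.0.113.2": "web1.consultancy.example"}

if __name__ == "__main__":
    block = "203.0.113.0/29"
    print("; provider zone 113.0.203.in-addr.arpa, commenter's scheme")
    print("\n".join(provider_cnames_forward_style(block, "ptrs.consultancy.example")))
    print("; customer zone ptrs.consultancy.example")
    print("\n".join(customer_ptrs(block, SAMPLE_NAMES, "ptrs.consultancy.example")))
    print("; provider zone 113.0.203.in-addr.arpa, RFC 2317")
    print("\n".join(provider_records_rfc2317(block, "ns1.consultancy.example")))
    print(f"; customer zone {rfc2317_subzone(block)}")
    print("\n".join(customer_ptrs(block, SAMPLE_NAMES)))
```

Either way the provider’s part is a one-time change and the customer takes over day-to-day PTR management, so a sandbox host can get its reverse name fixed without a ticket. The “/” in the RFC 2317 zone name is legal in DNS but trips up some hosting panels, which is one reason the ip-1-2-3-4 forward-zone variant is popular.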

