Best way to handle rDNS

OBHost Member, Host Rep

Every hosting company offers an rDNS solution, and we offer the same to our customers when they purchase a VPS or dedicated server, but what about those who just rent subnets from OBHost?

I need an rDNS solution for subnets. If someone rents x.x.x.x/24 from me, then I should give them a portal where they can manage the rDNS for their x.x.x.x/24 themselves. On a regular basis we receive many tickets only for rDNS management of rented subnets.
I need this solution with a cluster option as well, so I should have a cluster for the reverse DNS server.

Paid or free doesn't matter, but it must be well developed so the customers are relaxed and happy.

Comments

  • xmtx Member

    well :)

  • Just delegate to their own nameserver

    Thanked by 3FrankZ jar speedypage
  • OBHost Member, Host Rep

    @xmtx said:
    well :)

    If it's not well then..
    Huh, I am okay also with that :D

  • jackb Member, Host Rep
    edited August 2022

    @OBHost said:
    On a regular basis we receive many tickets only for rDNS management of rented subnets.

    There's a trade off here which you need to consider too. Having visibility of rDNS records that are being requested means you get a heads up if someone is about to start mass mailing against your ToS and can stop it before it starts. Spammy domains are usually quite obvious.

    This is usually more of a problem with VPS and dedicated servers than subnet rental but might be worth keeping in mind.

  • jar Patron Provider, Top Host, Veteran
    edited August 2022

    @Kousaka said:
    Just delegate to their own nameserver

    This. If you have to ask, which is totally okay by the way, it would be better to not offer it as a service and instead allow the customer to do it. I don't think you could overestimate the long term workload of running that DNS cluster, when you could just not and you wouldn't need to discount your product at all. It's easy when you can estimate the traffic it'll get but you never know, one customer will drive it up the wall and take your sanity with it. Not something I'd just casually offer as a value add.

    I've never hosted DNS for a third party and not regretted it, when DNS wasn't a primary function of the service I sold.

  • OBHost Member, Host Rep

    @Kousaka said:
    Just delegate to their own nameserver

    We tried this, but sometimes the customer is ready to blacklist the whole subnet by MASS MASS MASS MAILING.

  • ralf Member

    @OBHost said:

    @Kousaka said:
    Just delegate to their own nameserver

    We tried this, but sometimes the customer is ready to blacklist the whole subnet by MASS MASS MASS MAILING.

    Maybe I'm a bit naive here, but wouldn't they do that anyway, whether you're running the DNS or not?

    If you think running the DNS yourself and then just dropping requests occasionally is OK, then I'm sure you're going to get a ton of tickets about that as well as having your subnet blacklisted.

    I'd say you're probably better off making sure that spamming is listed as not allowed in your TOS, collecting statistics on outgoing mail from every IP to port 25 and then get in contact with them if people are sending excessive amounts.

    None of that seems particularly related to DNS, unless the use case is for changing the domain names associated with the IP very regularly. I'd have still thought measuring outgoing SMTP traffic is still your best metric for detecting spammers though.

    And back to the original question, I'd have thought for a normal user with a single IP, they'd just want to enter the single rDNS record. For more than one IP, I'd expect it'd be easier for most people to have it delegated to them.
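
The per-IP port 25 statistics suggested in the post above, as an added example that is not code from any poster: it counts outbound SMTP connections and distinct destinations per source IP per hour and returns the sources over a limit. The flow-record format, the sample data, the function names and the limit of 20 connections per hour are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

def make_sample_flows():
    """Constructed records, 'epoch_seconds src_ip dst_ip dst_port' per line."""
    flows = [f"{1000 + i} 192.0.2.10 203.0.113.5 25" for i in range(3)]
    flows += [f"{1000 + i} 192.0.2.77 198.51.100.{i} 25" for i in range(40)]
    flows += [f"{1000 + i} 192.0.2.77 203.0.113.9 443" for i in range(100)]
    flows.append("malformed line")  # exporters do emit junk; it must not crash the job
    return flows

def excessive_smtp(flows, max_per_hour=20):
    """Return (hour_start, src, connections, distinct_dsts) for busy SMTP sources."""
    stats = defaultdict(lambda: [0, set()])
    for line in flows:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, dport = int(parts[0]), int(parts[3])
            src = str(ipaddress.ip_address(parts[1]))
            dst = str(ipaddress.ip_address(parts[2]))
        except ValueError:
            continue  # skip records with unparsable fields
        if dport != 25:
            continue  # only server-to-server SMTP is counted here
        entry = stats[(ts // 3600, src)]
        entry[0] += 1
        entry[1].add(dst)
    return sorted(
        (hour * 3600, src, count, len(dsts))
        for (hour, src), (count, dsts) in stats.items()
        if count > max_per_hour
    )

if __name__ == "__main__":
    for hour_start, src, count, dsts in excessive_smtp(make_sample_flows()):
        print(f"{src}: {count} SMTP connections to {dsts} hosts in hour {hour_start}")
```

A high distinct-destination count separates a host fanning out to many mail servers from one relaying everything through a single smarthost.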

  • OBHost Member, Host Rep

    @ralf said:

    @OBHost said:

    @Kousaka said:
    Just delegate to their own nameserver

    We tried this, but sometimes the customer is ready to blacklist the whole subnet by MASS MASS MASS MAILING.

    Maybe I'm a bit naive here, but wouldn't they do that anyway, whether you're running the DNS or not?

    If you think running the DNS yourself and then just dropping requests occasionally is OK, then I'm sure you're going to get a ton of tickets about that as well as having your subnet blacklisted.

    I'd say you're probably better off making sure that spamming is listed as not allowed in your TOS, collecting statistics on outgoing mail from every IP to port 25 and then get in contact with them if people are sending excessive amounts.

    None of that seems particularly related to DNS, unless the use case is for changing the domain names associated with the IP very regularly. I'd have still thought measuring outgoing SMTP traffic is still your best metric for detecting spammers though.

    And back to the original question, I'd have thought for a normal user with a single IP, they'd just want to enter the single rDNS record. For more than one IP, I'd expect it'd be easier for most people to have it delegated to them.

    Yes, you are right, they can do that either way. We collect statistics if the server is hosted on our side, but if we rent subnets for them to announce in their own DC then we have limited options to trace what's going on with the subnet.
    That's why we need control of rDNS; rDNS should still be managed by our customers, but at least we can check what they are doing.

  • I think you're perhaps going about this from the wrong angle.
    Suitably verify your end users before you allow them to purchase/rent your subnets. This will then cut down on the likelihood of SPAM and ToS violations.
    Delegate the rDNS to their own DNS or provide your own self-service rDNS interface.
    Then, make sure you have active blacklist monitoring for all the IPs within the subnets and proactively manage these.
    I think you're obsessing over rDNS entries without looking at the root cause and it sounds like the root cause is poor customer validation/verification.

    Thanked by 1ralf
  • OBHost Member, Host Rep

    Well, any portal or software suggestions with customer access?

  • @OBHost said:
    Well, any portal or software suggestions with customer access?

    Delegation (or "classless delegation") already exists and fills this need. As others above have observed, sounds like you're looking for a technical solution to your abuse problem when the answer is actually better customer validation and monitoring (which doesn't require you to host the zone).
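
What the delegation recommended in this thread looks like on the address holder's side, as an added example that is not code from any poster: a generator for the NS records that hand a /24's reverse zone to the customer's nameservers, extended here to larger blocks and to the RFC 2317 classless case for blocks smaller than /24. The function name, the nameserver names and the documentation prefixes are assumptions; the range-style child label (`64-127`) is one of the naming conventions RFC 2317 permits.

```python
import ipaddress

def delegation_records(cidr, nameservers):
    """Zone-file lines that delegate rDNS for an IPv4 block to a customer.

    /16../24: one NS set per /24, published in the parent reverse zone
              (or entered as nameservers at the RIR when it serves that zone).
    /25../32: RFC 2317 classless delegation inside the holder's own /24 zone.
    """
    net = ipaddress.ip_network(cidr)  # strict parsing rejects host bits set
    if net.version != 4 or net.prefixlen < 16:
        raise ValueError("example handles IPv4 /16 through /32 only")
    targets = [ns.rstrip(".") + "." for ns in nameservers]
    lines = []
    if net.prefixlen <= 24:
        for sub in net.subnets(new_prefix=24):
            a, b, c, _ = str(sub.network_address).split(".")
            zone = f"{c}.{b}.{a}.in-addr.arpa."
            lines += [f"{zone} IN NS {ns}" for ns in targets]
        return lines
    # Smaller than /24: a per-address zone cut is impossible, so the holder
    # delegates a child label and aliases every address into it.
    a, b, c, first = str(net.network_address).split(".")
    last = str(net.broadcast_address).split(".")[3]
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{first}-{last}.{parent}"
    lines += [f"{child} IN NS {ns}" for ns in targets]
    for ip in net:
        host = str(ip).split(".")[3]
        lines.append(f"{host}.{parent} IN CNAME {host}.{child}")
    return lines

if __name__ == "__main__":
    # Constructed inputs: documentation prefixes and placeholder nameservers.
    ns = ["ns1.customer.example", "ns2.customer.example"]
    print("\n".join(delegation_records("192.0.2.0/24", ns)))
    print("\n".join(delegation_records("192.0.2.64/26", ns)[:4]))
```

The customer then serves PTR records from the delegated zone, and anyone, the address holder included, can still read them with ordinary reverse lookups.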

  • There is no magic solution for you, which RIR are you reselling exactly?
    Just make a simple API according to your RIR to manage SWIP and rDNS data.
    That would cover even more than your customer needs - since they can also enter
    their own data and address/country/abuse-email so that you won't handle anything,
    assuming they have their BGP set up and are using other providers and you just lease
    the IP space. Not sure why you have to worry about it in the first place.

    Thanked by 2raindog308 OBHost