Skip to main content
Beantwoord

Reverse DNS incorrectly configured on 86.80.0.0/13 and 2a02:a440::/26

I
Nieuwkomer
Hi,

IP connectivity (KPN) at home provides the following IP addresses.

IPv4: 86.84.126.13
IPv6: 2a02:a450:37ed:1:85bf:d714:75f0:e824

A reverse DNS (PTR) lookup on the IPv4 address gives: ip56547e0d.speed.planet.nl.
A forward DNS lookup on: ip56547e0d.speed.planet.nl is NOT resolved.

A reverse DNS (PTR6) lookup on the IPv6 address gives: custprd-2a02-a450-37ed-0001-85bf-d714-75f0-e824.reverse.kpn.net.
A forward DNS lookup on: custprd-2a02-a450-37ed-0001-85bf-d714-75f0-e824.reverse.kpn.net is NOT resolved.

This gives rise to the following problems :-

1. Certain IP Blacklists (e.g. SpamRat.com) label all IP addresses within these ranges as toxic spammer addresses. Purely due to the reverse DNS configuration.
2. Certain services e.g. Linux SSH flag access from these addresses as potential hack attempts.

  • From a branding standpoint I thought that KPN was moving to a single brand identity, thus I would expect Planet and Hetnet etc. to have disappeared by now.
  • From a reputation management standpoint it is not good to have large ranges of the KPN IP space flagged as toxic IP space.
  • From a customer standpoint it is bad to have an otherwise excellent product tarnished by these small niggles.
  • From a technical standpoint while it is not mandated by the RFCs to have symmetric pairs for reverse DNS (i.e. A/PTR and AAAA/PTR) it is recommended and follows best practice.
I know that this issue has been bouncing back and forth in the forum for several yeas now - but without any resolution!

This is not a nice to have feature - this is a normal expectation from any ISP and it does have a direct impact on customers.

Yours with undying hope
Ian Tree

Beste antwoord door Erwin van KPN

Hi @IanTree . I am currently mailing with a technical department. I haven't heard from them yet.
To be honest, Im not very hopefull but when I get a reply I will share it with you.
Bekijk origineel
    Dit topic is gesloten. Staat je antwoord hier niet bij, gebruik dan de zoekfunctie van de Community of stel je vraag in een nieuw topic.

    11 reacties

    Erwin van KPN
    Moderator
    Hi, @IanTree . I'm afraid this is a bit too technical for me.
    Can you please elaborate what kind of practical issues this causes for you? Keeping in mind this is a forum for consumer subscriptions?
    Blij met een antwoord? Geef een like! Is een bericht het beste antwoord op je vraag? Markeer het dan als oplossing.
    Erwin van KPN
    Moderator
    @wjb : Any ideas? 🙂
    Blij met een antwoord? Geef een like! Is een bericht het beste antwoord op je vraag? Markeer het dan als oplossing.
    wjb
    Superuser
    • wjb
    • 74646 reacties
    • 21 juni 2019
    The case that reverse DNS is not working for a part of the customers of KPN is quite annoying as several services require reverse DNS like for example running a mailserver.
    This has been discussed several times on the forum and the outcome is that KPN will not resolve this issue as it takes to much effort. 😖
    Be positive, avoid negativity, enjoy life and stay healthy!
    I
    Nieuwkomer
    • IanTree
    • Auteur
    • Nieuwkomer
    • 3 reacties
    • 22 juni 2019
    Hi @Erwin_,

    A sample of problems experienced as a result of the reverse DNS misconfiguration are :-

    1. Users of SMTP/POP/IMAP clients such as Outlook or Thunderbird may not be able to send e-Mails, these can be rejected by the mail server. Usually the error message will refer to a DNSBL failure.
    2. Users may not be able to register with some websites on the internet, the failure will often refer to the user is suspect of being "a spammer or a bot".
    3. Users may be prevented from posting comments on certain forums or other websites again because they are suspected of being a bot or comment spammer.
    @wjb,

    I know that the problem has been kicked around for forum for a long time, with no result. I put the 4 bullets on branding/reputation/customer satisfaction/technical to emphasise why KPN should take this seriously.
    The excuse that it would take too much effort just won't fly. This type of DNS resolution is performed by a small script on the DNS servers and takes very little time and effort to implement.
    Erwin van KPN
    Moderator
    • Erwin van KPN
    • Moderator
    • 27589 reacties
    • Antwoord
    • 28 juni 2019
    Hi @IanTree . I am currently mailing with a technical department. I haven't heard from them yet.
    To be honest, Im not very hopefull but when I get a reply I will share it with you.
    Blij met een antwoord? Geef een like! Is een bericht het beste antwoord op je vraag? Markeer het dan als oplossing.
    wjb
    Superuser
    • wjb
    • 74646 reacties
    • 28 juni 2019
    And I really hope that KPN will solve this issue as it is really blocking some functionality and that is, as mentioned before, quite annoying.
    Be positive, avoid negativity, enjoy life and stay healthy!
    Erwin van KPN
    1 persoon vindt dit leuk
    • Erwin van KPN
      Erwin van KPN
    I
    Nieuwkomer
    • IanTree
    • Auteur
    • Nieuwkomer
    • 3 reacties
    • 29 juni 2019
    Hi @Erwin_,

    Thanks for taking this up with the "Techs". I keep my fingers crossed.

    @wjb, Thanks for the support,
    I
    Nieuwkomer
    • IanTree
    • Auteur
    • Nieuwkomer
    • 3 reacties
    • 10 september 2020

    CONGRATULATIONS KPN - WELL DONE!!!!!!! :grinning:

    I am not sure when the change happened BUT it has been fully resolved.

    Name:    86-84-126-13.fixed.kpn.net
    Address:  86.84.126.13
    Resolves both forwards and reverse.

    Name:    2a02-a450-37ed-1-b4a6-c071-62e9-60d2.fixed6.kpn.net
    Address:  2a02:a450:37ed:1:b4a6:c071:62e9:60d2
    Also resolves both forwards and reverse.

     

    THANKS KPN and a big WELL DONE.

     

    Erwin van KPN
    1 persoon vindt dit leuk
    • Erwin van KPN
      Erwin van KPN
    I
    Deelnemer
    • Ice_Blade
    • Deelnemer
    • 4 reacties
    • 23 januari 2022

    Hi KPN,
    It appears that the Reverse DNS records for IPV6 do not resolve back to IPs again. Can this be fixed please?
    [ Het lijkt erop dat de Reverse DNS records voor IPV6 niet meer resolven naar de oorspronkelijke IP adressen. Kan dit hersteld worden? ]

    Thanks!

    https://mxtoolbox.com/SuperTool.aspx?action=a%3a2a02-a459-57cd-0-1ee7-c0ff-fee0-1.fixed6.kpn.net&run=toolpage 

     

    wjb
    Superuser
    • wjb
    • 74646 reacties
    • 23 januari 2022

    Je moet ook niet een gewone DNS lookup doen maar een AAAA lookup voor IPv6.

     

    Be positive, avoid negativity, enjoy life and stay healthy!
    I
    1 persoon vindt dit leuk
    • I
      Ice_Blade
    I
    Deelnemer
    • Ice_Blade
    • Deelnemer
    • 4 reacties
    • 23 januari 2022
    wjb schreef:

    Je moet ook niet een gewone DNS lookup doen maar een AAAA lookup voor IPv6.

     

    *facepalm*  Ik dacht dat ie dat automatisch deed en alle (A/AAAA) records zou teruggeven…
    Thanks!

    De Kennisbank

    Heb je vragen over diensten, producten of wil je weten hoe je modeminstellingen verandert? Vind het antwoord op de meest gestelde vragen in onze Kennisbank

    ...

    Community voorwaarden