Hi Joel,
On Wed, Sep 22, 2021 at 10:12:26AM -0400, Joel Sommers wrote:
> Besides the common "reserved" keyword in the FQDN, we also see
> names like "not-in-use.example.tld", again with quite a few
> addresses all mapped to that one name.
I assume you are seeing this by resolving the reverse DNS of each IP
address in the range.
> The naming appears to suggest that this is an on-the-cheap IP
> address management practice, but we are wondering if there are
> other operational reasons that might be behind what we observe.
The purpose is generally informational, for those without access to
the internal address management system (or quick hint to those who
do have access).
If one sees traffic from such an IP address and then sees it
being marked as reserved or not in use, then one knows that
something is up, either with the presence of the traffic or the lack
of an update to the reverse mapping. If there had been simply no
reverse mapping then this information would not have been conveyed.
It doesn't imply a lack of an address management system or an
attempt to use DNS to manage "on the cheap" - though it doesn't
exclude those possibilities either.
Yup. Some IPAM tools will generate / populate zone files with this sort of thing for you.
I suspect that the "on the cheap" is more places that don't have working reverse DNS at all....
W
Thanks,
Andy