On Wed, Sep 22, 2021 at 11:15 AM Andy Smith <andy@strugglers.net> wrote:
Hi Joel,

On Wed, Sep 22, 2021 at 10:12:26AM -0400, Joel Sommers wrote:
> Besides the common "reserved" keyword in the FQDN, we also see
> names like "not-in-use.example.tld", again with quite a few
> addresses all mapped to that one name.

I assume you are seeing this by resolving the reverse DNS of each IP
address in the range.

> The naming appears to suggest that this is an on-the-cheap IP
> address management practice, but we are wondering if there are
> other operational reasons that might be behind what we observe.

The purpose is generally informational, for those without access to
the internal address management system (or quick hint to those who
do have access).

If one sees traffic from such an IP address and then sees it
being marked as reserved or not in use, then one knows that
something is up, either with the presence of the traffic or the lack
of an update to the reverse mapping. If there had been simply no
reverse mapping then this information would not have been conveyed.

It doesn't imply a lack of an address management system or an
attempt to use DNS to manage "on the cheap" - though it doesn't
exclude those possibilities either.

Yup. Some IPAM tools will generate / populate zone files with this sort of thing for you.

This sort of thing used to be more common when people would use things like  "101.92.140.39.dynamic.isp.com" or "cable-78-109-33-05.provider.net" to signal that the address was in use by dynamic customer (and so shouldn't be sending mail directly),  "reserved-10.10.10.100.example.com" (or 'unused' or whatever) to signal that it isn't in use (and so shouldn't be sending mail at all), and "mx-17.exmaple.net" to signal that it is a "real" mailserver.
I suspect that the "on the cheap" is more places that don't have working reverse DNS at all....

W


Thanks,
Andy


--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra