Hello everyone, this is possibly off-topic here, not entirely sure. I'm kind of confused about some of uceprotect's policies, they seem to require every IP address to have reverse DNS with matching forwards (which works fine for a wireless/broadband/dial-up ISP, but not so much for a hosting company/datacenter). They seem to penalize companies who have many small allocations from ARIN/whomever while rewarding companies who have huge swaths of IP addresses in single chunks. They don't seem to understand that in a datacenter a single machine running virtuozzo/vmware can have any number of IPs assigned to it and that not everything can be so tightly scripted/controlled. They currently take issue with 106 out of almost 54,000 IP addresses and our AS appears to be listed in their list. That seems extreme to me. My question is, has anyone had a problem with uceprotect.net's system and then been able to satisfy their requirements on an ongoing basis? We'll obviously do whatever it takes because we really have no choice. We've found ISPs with over 100,000 IPs using their list(s) so obviously it has an impact. Off-list is fine, sorry to bother anyone if this is off-topic. Thanks for your time. -Drew
Hi, I could be wrong but I think that they are only referring to the forward hostname advertised in the mail servers HELO, it is obvious that most systems have many more forward A records than reverse PTR records. Regards, Steve -----Original Message----- From: Drew Weaver [mailto:drew.weaver@thenap.com] Sent: Friday, 27 June 2008 11:37 PM To: nanog@nanog.org Subject: uceprotect.net Hello everyone, this is possibly off-topic here, not entirely sure. I'm kind of confused about some of uceprotect's policies, they seem to require every IP address to have reverse DNS with matching forwards (which works fine for a wireless/broadband/dial-up ISP, but not so much for a hosting company/datacenter). They seem to penalize companies who have many small allocations from ARIN/whomever while rewarding companies who have huge swaths of IP addresses in single chunks. They don't seem to understand that in a datacenter a single machine running virtuozzo/vmware can have any number of IPs assigned to it and that not everything can be so tightly scripted/controlled. They currently take issue with 106 out of almost 54,000 IP addresses and our AS appears to be listed in their list. That seems extreme to me. My question is, has anyone had a problem with uceprotect.net's system and then been able to satisfy their requirements on an ongoing basis? We'll obviously do whatever it takes because we really have no choice. We've found ISPs with over 100,000 IPs using their list(s) so obviously it has an impact. Off-list is fine, sorry to bother anyone if this is off-topic. Thanks for your time. -Drew
Do you actually have a problem beyond "ZOMG, dnsstuff.com says I am in uceprotect?". Its not a list that I personally would waste time with. BTW, the kind of issue that often affects "cost effective" colo shops - so-called snowshoe spam - typically HAS matching forward and reverse. srs On Fri, Jun 27, 2008 at 7:06 PM, Drew Weaver <drew.weaver@thenap.com> wrote:
Hello everyone, this is possibly off-topic here, not entirely sure.
I'm kind of confused about some of uceprotect's policies, they seem to require every IP address to have reverse DNS with matching forwards (which works fine for a wireless/broadband/dial-up ISP, but not so much for a
participants (3)
-
Drew Weaver -
Steven Lisson -
Suresh Ramasubramanian