[TriLUG] OT: DNS reverse lookups
Geoff Purdy
geoff.purdy at verizon.net
Mon May 20 15:01:24 EDT 2002
A number of FTP and CVS sites that I use require a successful reverse lookup before granting anonymous access. I know this because I am often unable to use these sites because reverse lookups fail for my IP address. We've brought this to the attention of our ISP (Time Warner Telecom) who generally recognizes that a problem exists, but says they've identified the problem and fixed it. (this has happened several times)
My problem: (here's an example of the most recent instance)
Day 1 morning - I am able to access a particular NIH (National Institute of Health) HTTP server, no problems
Day 1 afternoon - I attempt to access an ftp server in the same domain but receive an error, I try several times
Day 1 afternoon - I can no longer access the HTTP server, nor the ftp server - no error reported
Day 4 morning - I still can't access or ping either site, however they are accessible from hosts in other domains
I've been told that, many public ftp sites perform a reverse lookup before granting access to a service (ftp, cvs,...). I think this is to avoid DoS attacks.
My theory: Their firewall detected the failed reverse lookups and assigned a default DENY (or similar) to any traffic originating from my IP address.
My questions:
Do you think traffic from my IP address is being blocked by their firewall, or is there a better explanation I've overlooked?
Has anyone else had similar problems with Time Warner and DNS reverse lookups?
If my address is blocked, do such things usually go away after a period of time, or must I contact their sysadmin and grovel?
How best to conclusively document this problem in a way the twtelecom will recognize the problem and take definitive action?
Thanks again,
Geoff
More information about the TriLUG
mailing list