prgr

join:2012-10-23

[DNS] "Official" Comcast BizClass answer - NO to RDNS

For anyone interested -- this took me a while to get a straight answer, so thought I'd share.

I've been looking to upgrade my DSL Internet svc. My most likely target was Comcast BusinessClass Internet.

One of my requirements is the delegation of RDNS records to my own nameservers (which has been done for me without issue by both AT&T and Sonic.net).

In doing my research @Comcast on this, I kept getting different answers depending on who I talked to. BusinessClass TechSupport in my area assured me that it's doable and regularly done. Sales said, "Sure!", but when I asked for something in writing, I got "We'll get back to you asap"; they never did.

I finally called Comcast HQ, asked for the Escalation Team in the President's Office, and was put in touch with a representative from "BSG Corporate Escalations" who fielded all my questions, and answered them quickly & clearly. (A nice change, for once ...)

The definitive answer re: RDNS is -- "No".

Specifically:

QUESTION:

"Will Comcast delegate the RDNS in-addr.arpa addresses for the IPs in the assigned static IP range to my name servers? If yes, what specific method of delegation do you use, and what should the zone name and records be on my end? What will be the required config for the Comcast reverse delegation?"

ANSWER:

"At this time we are unable to delegate rDNS records to customer owned name-servers.

This is due to liability concerns as Comcast is at some level responsible for the activity associated on our static IP addresses."

which, IMO, is ridiculous hogwash -- but it IS an answer. Finally.
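
The question above asks what the zone name and records of a delegation would look like. As an added illustration (not part of the original post, and not Comcast's or any other ISP's stated method), this sketch generates the RFC 2317 classless delegation records for a block smaller than a /24; the 192.0.2.8/29 block and the name server names are constructed placeholders.

```python
import ipaddress

def classless_delegation(block, nameservers):
    """RFC 2317 records the address holder (the ISP) would publish in the
    parent /24 reverse zone to hand a sub-/24 block to customer servers."""
    net = ipaddress.ip_network(block)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for IPv4 blocks smaller than a /24")
    a, b, c, d = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{d}/{net.prefixlen}.{parent}"  # e.g. 8/29.2.0.192.in-addr.arpa.
    # Delegate the child zone, then alias each address's usual PTR owner
    # name into it so ordinary reverse lookups follow the CNAME.
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    for addr in net:  # every address in the block, network and broadcast too
        last = str(addr).rsplit(".", 1)[1]
        records.append(f"{last}.{parent} IN CNAME {last}.{child}")
    return child, records

def customer_zone(child, ptrs):
    """PTR records the customer serves in the delegated child zone."""
    return [f"{last}.{child} IN PTR {name}" for last, name in sorted(ptrs.items())]

if __name__ == "__main__":
    # Constructed sample block and hypothetical name servers.
    zone, parent_records = classless_delegation(
        "192.0.2.8/29", ["ns1.example.net.", "ns2.example.net."])
    print("\n".join(parent_records))
    print("\n".join(customer_zone(zone, {9: "mail.example.net."})))
```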


Extide

join:2000-06-11
84129

Re: [DNS] "Official" Comcast BizClass answer - NO to R

It's because they don't want you to arbitrarily set the rDNS to like i.did.brittany.spears.com or something. I'm fairly sure they will change the rDNS by request, which allows them to review it first. A lot of the time they will require the name to also have a forward record back to the same IP.


AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL
reply to prgr

As was already mentioned, they will definitely update the rDNS for static addresses to the host(s) of your choice and I do believe the forward does need to match. Out of curiosity, why the need for the delegation?
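
The forward-must-match requirement mentioned in the two replies above is commonly called forward-confirmed reverse DNS. The following check is an added example, not code from any poster or from Comcast; it runs over constructed zone lines (documentation addresses and names) and goes slightly beyond the replies by also classifying an IP that carries more than one PTR record.

```python
import ipaddress

# Constructed zone data (documentation addresses and names, not from the thread).
ZONE = """\
9.2.0.192.in-addr.arpa.   IN PTR mail.example.net.
10.2.0.192.in-addr.arpa.  IN PTR www.client-a.example.
10.2.0.192.in-addr.arpa.  IN PTR www.client-b.example.
11.2.0.192.in-addr.arpa.  IN PTR gw.example.net.
mail.example.net.         IN A   192.0.2.9
www.client-a.example.     IN A   192.0.2.10
www.client-b.example.     IN A   192.0.2.20
"""

def parse(zone):
    """Split 'owner IN TYPE rdata' lines into PTR and A lookup tables."""
    ptr, fwd = {}, {}
    for line in zone.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "IN":
            continue  # skip anything that is not a simple record line
        owner, _, rtype, rdata = fields
        if rtype == "PTR":
            ptr.setdefault(owner.lower(), []).append(rdata.lower())
        elif rtype == "A":
            fwd.setdefault(owner.lower(), []).append(rdata)
    return ptr, fwd

def fcrdns(ip, zone=ZONE):
    """Return (status, confirmed_names) for one IPv4 address.

    status: 'pass' (every PTR name has an A record back to ip),
            'partial' (some do), 'fail' (none do), 'no-ptr'."""
    ptr, fwd = parse(zone)
    addr = ipaddress.ip_address(ip)
    names = ptr.get(addr.reverse_pointer + ".", [])
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names if str(addr) in fwd.get(n, [])]
    if len(confirmed) == len(names):
        return "pass", confirmed
    return ("partial" if confirmed else "fail"), confirmed

if __name__ == "__main__":
    for ip in ("192.0.2.9", "192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, *fcrdns(ip))
```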



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to prgr

Comcast Business Class will definitely set up PTR records for you if you have an IPv4 static IP block for your account. They will not delegate that to you however.

That has been my experience with other ISPs for small business class users (including AT&T). Perhaps what you are looking for is Comcast's Enterprise service instead of their small business service? I don't know that they would delegate rDNS to even an Enterprise class customer, but it is more likely than for a small business class customer.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


prgr

join:2012-10-23

> Comcast Business Class will definitely set up PTR records for you if you
> have an IPv4 static IP block for your account.

Apparently, only single-PTR records per IP; multiple not an option. And, in any case, no commitment to response times for changes/adds. As far as I've found, that is.

> They will not delegate that to you however

That's consistent with what the "Exec Team" response was. It contradicts what the TechSupport & Sales folks were saying.

> That has been my experience with other ISPs for small business
> class users (including AT&T)

We've different experiences, then. Just fwiw, as I'd mentioned -- both Sonic.net & AT&T currently have done it for me on my Static DSL-connected blocks. Not the slightest hesitation in either case.


Extide

join:2000-06-11
84129

How exactly can you have more than one PTR record per IP? Does it end up being round-robin like multiple A records? That doesn't seem to make sense though...


prgr

join:2012-10-23

> How exactly can you have more than one PTR record per IP?
»en.wikipedia.org/wiki/Reverse_DN···_records


AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

That all goes back to - why? Why the need for delegation in the first place and for using multiple PTR records (which is a bad idea).



pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3

said by AVonGauss:

That all goes back to - why? Why the need for delegation in the first place and for using multiple PTR records (which is a bad idea).

For a /29 (or larger) block, having the PTR records delegated allows the person to change the PTR records at will, but I don't think this is normally required except for someone on irc trying to use vanity hosts to look "leet".

I don't see why asking a PTR record to be changed (which they will happily do and usually quite quickly) is a big deal. Sure, I'd love to control my own rDNS, but I haven't touched my PTR records since I had them created.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

I'm trying not to make that assumption which is why I'm asking.



pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3

said by AVonGauss:

I'm trying not to make that assumption which is why I'm asking.

I can't think of a reason why it's a necessity, but perhaps the OP can chime in with their specific need/reason.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm


JohnInSJ
Premium
join:2003-09-22
San Jose, CA

said by pflog:

said by AVonGauss:

I'm trying not to make that assumption which is why I'm asking.

I can't think of a reason why it's a necessity, but perhaps the OP can chime in with their specific need/reason.

I can't either... mine hasn't changed in 4 years
--
My place : »www.schettino.us

prgr

join:2012-10-23
reply to AVonGauss

... multiple clients' virtual hosts, each with its own SSL cert, requiring a matching PTR record.

in any case, Comcast is out of consideration.



pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3

said by prgr:

... multiple clients' virtual hosts, each with its own SSL cert, requiring a matching PTR record.

So your clients need the ability to change their virtual host frequently? What kind of service requires that sort of thing? I mean, in my experience, Comcast will update these PTR records very quickly.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL
reply to prgr

If you're wanting to run virtual web servers, you'd be far better off with using a VPS or dedicated in a data center than a Comcast business connection. Even there, it still would be a bad idea to use multiple PTR records.



pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
reply to pflog

said by pflog:

said by prgr:

... multiple clients' virtual hosts, each with its own SSL cert, requiring a matching PTR record.

So your clients need the ability to change their virtual host frequently? What kind of service requires that sort of thing? I mean, in my experience, Comcast will update these PTR records very quickly.

Ok I missed the multiple PTR records thing. So the OP wants to do a bunch of http virtual hosts and wants forward and reverse DNS to match. Yeah, not going to happen with Comcast. While they will absolutely add a PTR record (and quickly), I seriously doubt they're going to add multiple PTR records, and I also think if they did, there's a high chance you'd get someone who would wipe them all and just use the latest one you request.

I second what AVonGauss said - you should be looking at a VPS or dedicated server type product, not Comcast biz class.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
Reviews:
·Vitelity VOIP
reply to prgr

said by prgr:

... multiple clients' virtual hosts, each with its own SSL cert, requiring a matching PTR record.

That's not a technical requirement of SSL -- forward resolution only has to match the common name of the cert. PTR records never come into play.

Sharing multiple SSL certs on a common IP requires SNI support by all client browsers. It'll be great someday when it's universally supported, in the meantime, good luck.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to prgr

I suspect this has more to do with DNSSEC than anything else. Looks like Comcast has already signed a few of their in-addr.arpa and ip6.arpa zones. (Edit: Actually, they might not have yet, but I suspect it's in their policies and roadmap - hence why no rDNS to small customers).

»www.nanog.org/meetings/nanog45/p···_N45.pdf

I see two options if rDNS is a requirement:
#1 GRE tunnel to a data center.

#2 Go the Comcast wholesale route and run BGP on your end.