
There is an IPv4 address (in a /8 managed by ARIN) that I have no control over which reverse resolves to a domain name which I registered. Someone used the IP address to run a scam, and it is resulting in negative publicity for my domain, so I would like to get the reverse resolution result changed to not point at my domain.

The reverse resolution delegation looks like this:

```
dig +trace ptr .153.117.74.in-addr.arpa
...
in-addr.arpa.       172800  IN  NS  e.in-addr-servers.arpa.
in-addr.arpa.       172800  IN  NS  c.in-addr-servers.arpa.
in-addr.arpa.       172800  IN  NS  b.in-addr-servers.arpa.
in-addr.arpa.       172800  IN  NS  f.in-addr-servers.arpa.
in-addr.arpa.       172800  IN  NS  d.in-addr-servers.arpa.
in-addr.arpa.       172800  IN  NS  a.in-addr-servers.arpa.
74.in-addr.arpa.    86400   IN  NS  t.arin.net.
74.in-addr.arpa.    86400   IN  NS  u.arin.net.
74.in-addr.arpa.    86400   IN  NS  r.arin.net.
74.in-addr.arpa.    86400   IN  NS  y.arin.net.
74.in-addr.arpa.    86400   IN  NS  z.arin.net.
74.in-addr.arpa.    86400   IN  NS  v.arin.net.
74.in-addr.arpa.    86400   IN  NS  w.arin.net.
74.in-addr.arpa.    86400   IN  NS  x.arin.net.
..
153.117.74.in-addr.arpa. 86400  IN  NS  NS2.SIMPLIQ.NET.
153.117.74.in-addr.arpa. 86400  IN  NS  NS1.SIMPLIQ.NET.
...
lastdigits.153.117.74.in-addr.arpa. 300 IN  PTR my domain name.
153.117.74.in-addr.arpa. 300    IN  NS  ns2.simpliq.net.
153.117.74.in-addr.arpa. 300    IN  NS  ns1.simpliq.net.
```

I have tried contacting the ISP that runs the final nameservers in that resolution both by e-mail using the address in the domain and IP WHOIS, and through the online chat on their website without success (I suspect they are simply ignoring me).

Is there any legitimate way to put more pressure on this ISP to change the reverse resolution for an IP that they control? For example, is there an ARIN policy that can be invoked so that the ISP risks losing their in-addr.arpa delegation for the /24 if they don't remove the wrong entry? Any other suggested approach to solving the problem?

a1kmm
  • 2
    I have bookmarked this question, I hope you update us when the issue is resolved. I am genuinely curious. – David Houde Apr 06 '13 at 06:40
  • 2
    Playing Devil's advocate, what makes this entry *wrong*? Their customer wants that record. Why should your wishes override their customer's? If you pointed a DNS entry at his IP, should he be able to force you to remove it? What if you pointed your MX records at one of his A records? Should his ISP be obliged to go through the process to verify that you actually own the domain? Are they equipped to do that? – Ladadadada Apr 06 '13 at 13:08
  • Out of Devil's advocate mode, suing them (ISP or customer) for defamation would seem the best course of action to me, but I'm no expert in these matters. – Ladadadada Apr 06 '13 at 13:11
  • 2
    In that same devil's advocate mode - having worked at an ISP I can tell you that as a non-customer they are "disinclined to acquiesce to your request" (means "Get lost loser, you don't pay us"). That said we also used to take reasonable steps to be sure a customer controlled the forward zone before giving them a PTR record. If neither the ISP nor their customer is willing to work with you [contacting ARIN may be your best bet](http://serverfault.com/a/496747/32986) but they may not be very useful & you may have to resort to legal action. – voretaq7 Apr 09 '13 at 23:42
  • «I have tried contacting the ISP» — BTW, what ISP exactly was it? – poige Apr 11 '13 at 01:30

1 Answer

Since it's ARIN's authority, I'd start here: https://www.arin.net/abuse.html

poige
  • That page isn't for what you seem to think it's for. – Andrew B Apr 06 '13 at 05:57
  • You seem to be mistaken in what you think I think it's for. ) Actually, if an ISP ignores you, you have no other choice but going to its superior authority. And yep, this wrong reverse DNS + ignored complaints still falls under the abuse category. – poige Apr 06 '13 at 06:01
  • 1
    You're right about starting with ARIN, I just don't think the link is very useful. The only relevant detail on the ARIN abuse page was an e-mail address regarding incorrect contact information. While it's true that one can "play it off" that the contact information might be wrong and use that to force this matter, a more direct approach for this sort of problem would be preferable. – Andrew B Apr 06 '13 at 06:07
  • @AndrewB, well, your "more direct approach" is more than welcome, and I'd personally vote it up for you. ;) – poige Apr 06 '13 at 06:17
  • 1
    https://www.arin.net/resources/fraud/index.html is as close as they're going to get probably. ("not limited to" being the operative words) Sorry about the delete, had a moment of doubt. And no, your answer was still close enough to the mark, I was just trying to nudge it toward something directly addressing the issue. – Andrew B Apr 06 '13 at 06:20
  • 2
    The response from ARIN: "Unfortunately ARIN has no authority over the individual PTR records within these name servers, or to ensure [ISP] makes necessary updates to their PTR records". – a1kmm Apr 10 '13 at 23:28
  • That sucks. Well, at least you can use SPF to minimize the impact and DKIM to sign your own domain mail… – poige Apr 11 '13 at 01:30
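
The situation in the question (a PTR naming a domain whose owner does not control the IP) is what a forward-confirmed reverse DNS (FCrDNS) check detects: the PTR name has to resolve back to the same address, and only the domain owner controls that forward zone. The following is an added example, not part of the original thread; the addresses, host names and in-memory lookup tables are constructed stand-ins for real DNS queries.

```python
import ipaddress

# Constructed sample zone data (documentation address ranges, example names).
# In practice these two lookups would be PTR and A/AAAA queries to a resolver.
PTR_RECORDS = {
    "10.113.0.203.in-addr.arpa": ["Victim.Example."],       # PTR set by a third party
    "25.100.51.198.in-addr.arpa": ["mail.victim.example."],  # PTR set by the real owner
}
FORWARD_RECORDS = {
    "victim.example": ["198.51.100.20"],
    "mail.victim.example": ["198.51.100.25"],
}

def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def lookup_ptr(ip):
    # reverse_pointer builds e.g. '10.113.0.203.in-addr.arpa' from '203.0.113.10'
    return PTR_RECORDS.get(ipaddress.ip_address(ip).reverse_pointer, [])

def lookup_forward(name):
    return FORWARD_RECORDS.get(normalize(name), [])

def fcrdns(ip, ptr_lookup=lookup_ptr, fwd_lookup=lookup_forward):
    """Return (status, confirmed_names, unconfirmed_names) for ip.

    status is 'no-ptr', 'confirmed' (some PTR name resolves back to ip)
    or 'unconfirmed' (PTR exists but no name maps back to ip).
    """
    addr = ipaddress.ip_address(ip)
    names = [normalize(n) for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", [], [])
    confirmed, unconfirmed = [], []
    for name in names:
        forward = set()
        for record in fwd_lookup(name):
            try:
                forward.add(ipaddress.ip_address(record))
            except ValueError:
                continue  # ignore malformed address data
        (confirmed if addr in forward else unconfirmed).append(name)
    return ("confirmed" if confirmed else "unconfirmed", confirmed, unconfirmed)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.25", "192.0.2.7"):
        print(ip, fcrdns(ip))
```

An `unconfirmed` result is the evidence to attach to an abuse report: it shows the PTR was published without the forward zone agreeing, and a receiver that applies the same check gives that PTR no weight.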