The Shœstring Foundation Weblog

non-PTRs in .arpa

Few people but nameserver admins know the .arpa toplevel domain. It has an hierarchical scheme with zones just as all other TLDs.

It's main use is to reverse map addresses. For an IP address like
111.22.3.4
this is done by requesting the PTR record for the hostname

4.3.22.111.in-addr.arpa

The DNS server for in-addr.arpa delegates the request to the server responsible for 111.in-addr.arpa and so recursively until a server is found who is responsible for the whole network containing the address. The reply typically is a hostname.

For IPv6 the domain is ip6.arpa and the encoding for e.g.
2001:780:3:170::2
is

2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.1.0.3.0.0.0.0.8.7.0.1.0.0.2.ip6.arpa

But there is no technical barrier against requesting other record types from under the .arpa tree. The DNS servers happily return A, AAAA, CNAME, DNAME or other records when asked nicely.

And nothing prevents an DNS admin from placing non-PTR records in the .arpa subzone. And nothing prevents them from prefixing arbitrary strings in front of the IPv6 subnet. And of course those .arpa names can be used just like hostnames...

For example, a valid URL for this blog could be this or that or even thiß.

Perhaps URL-based filtering can be subverted this way.

Thu, 12 Aug 2010
[/projects] permanent link