From Newsgroup: news.software.nntp

Hi all,

I see a of these in my log files:


Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse lookup for 2001:41d0:a:280::1 failed: reverse lookup validation failed -- using IP
address for access

Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse
lookup for 2602:fe64:8::7 failed: reverse lookup validation failed --
using IP address for access


Odd thing is, both have RDNS entries. the first is for news.nntp4.net
and the 2nd is for my own server, newsfeed.endofthelinebbs.com


Interestingly, news.nntp4.net does not resolve back to that IP, it uses 2001:41d0:700:1273::

Mine definitely does, however.

open to suggestions.

Thanks.
--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

Nigel Reed wrote:

Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse lookup for 2001:41d0:a:280::1 failed: reverse lookup validation failed -- using IP address for access

Interestingly, news.nntp4.net does not resolve back to that IP, it uses 2001:41d0:700:1273::

That's probably why the "reverse lookup validation failed"
otherwise someone could map their IP to any name they like
to get around hostname based access control.

MTAs have done that kind of check "for ages".

BTW: does the DNS resolver used by nnrpd give the expected
result for your own IP?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

On Mon, 31 Mar 2025 04:58:28 -0400 (EDT)
Claus A|fmann <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>
wrote:

Nigel Reed wrote:

Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse lookup for 2001:41d0:a:280::1 failed: reverse lookup validation failed --
using IP address for access

Interestingly, news.nntp4.net does not resolve back to that IP, it
uses 2001:41d0:700:1273::

That's probably why the "reverse lookup validation failed"
otherwise someone could map their IP to any name they like
to get around hostname based access control.

MTAs have done that kind of check "for ages".

BTW: does the DNS resolver used by nnrpd give the expected
result for your own IP?

I'm pretty sure I said in the original message that my IP resolves
correctly. You seem to have ignored that paragraph.
news@newsfeed:~$ host 2602:fe64:8::7 7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.0.4.6.e.f.2.0.6.2.ip6.arpa
domain name pointer newsfeed.endofthelinebbs.com.
news@newsfeed:~$ host newsfeed.endofthelinebbs.com
newsfeed.endofthelinebbs.com has address 144.172.126.95 newsfeed.endofthelinebbs.com has IPv6 address 2602:fe64:8::7
news@newsfeed:~$ host 144.172.126.95
95.126.172.144.in-addr.arpa domain name pointer
newsfeed.endofthelinebbs.com.
All my IPs resolve correctly.
--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

On 31.03.2025 02:11 Uhr Nigel Reed wrote:

Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse lookup for 2001:41d0:a:280::1 failed: reverse lookup validation failed -- using
IP address for access

m@ryz:~$ host 2001:41d0:a:280::1 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.2.0.a.0.0.0.0.d.1.4.1.0.0.2.ip6.arpa
domain name pointer news.nntp4.net. m@ryz:~$ host news.nntp4.net
news.nntp4.net has address 54.36.109.115
news.nntp4.net has IPv6 address 2001:41d0:700:1273::
m@ryz:~$

Faulty, contact Timo:
https://news.nntp4.net/contact.php

Mar 31 02:01:39 newsfeed nnrpd[3339866]: ? reverse
lookup for 2602:fe64:8::7 failed: reverse lookup validation failed --
using IP address for access

Looks good for me, test your DNS.
--
kind regards
Marco

Send spam to 1743379904muell@stinkedores.dorfdsl.de

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

Nigel Reed wrote:

I'm pretty sure I said in the original message that my IP resolves
correctly. You seem to have ignored that paragraph.

No, I have not. I asked about the
"the DNS resolver used by nnrpd"
not about you using commmand line tools.

All my IPs resolve correctly.

nnrpd claims there is a mismatch between PTR and AAAA -
so what's different in nnrpd vs CLI?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

On 02.04.2025 01:57 Uhr Claus A|fmann wrote:

nnrpd claims there is a mismatch between PTR and AAAA -
so what's different in nnrpd vs CLI?

I assume it uses the libc functions.
A view to /etc/nsswitch.conf might be interesting here.
--
kind regards
Marco
Send spam to 1743551859muell@stinkedores.dorfdsl.de
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: news.software.nntp

Hi Marco,

nnrpd claims there is a mismatch between PTR and AAAA -
so what's different in nnrpd vs CLI?

I assume it uses the libc functions.
A view to /etc/nsswitch.conf might be interesting here.

Indeed, nnrpd just uses the getnameinfo and getaddrinfo libc functions.
Their manual pages mention the following related files:

/etc/hosts
/etc/nsswitch.conf
/etc/resolv.conf
/etc/gai.conf
--
Julien |eLIE

-2-aRien n'est plus aga|oant que de ne pas se rappeler ce dont on ne
parvient pas |a se souvenir et rien n'est plus |-nervant que de se
souvenir de ce qu'on voudrait parvenir |a oublier.-a-+ (Pierre Dac)

--- Synchronet 3.21a-Linux NewsLink 1.2