Full Disclosure mailing list archives

Re: Reverse dns
From: Valdis.Kletnieks () vt edu
Date: Thu, 10 Mar 2005 16:35:49 -0500

On Thu, 10 Mar 2005 11:30:51 CST, Paul Schmehl said:
> give details.  I'll give you this much.  We're having a
> philosophical disagreement about the value of disallowing reverse dns for
> hosts on our network.  It's the ancient security by obscurity discussion.
>
> My concern is that we should not disable dns when (or if) it's required.
> Obviously we would not disable it for the MX hosts, but I'm unclear what
> (if anything) the RFC requirements are.  Absent any requirements, there's
> no cogent argument for *not* doing it, with the aforementioned exceptions.

The security via obscurity is very slim - remember that if they're looking for
the PTR entry, they *already* have the IP address..

One good reason to put the PTR out there is because it allows sanity-checking of
your DNS - if you have 'foo.example.com A 10.10.100.1', then there should be
a '1.100.10.10.in-addr.arpa PTR foo.example.com' to match.  If you fumble-finger
and get 'foo.example.com A 10.10.100.10', you can catch it because when you
look up the PTR, you find '10.100.10.10.in-addr.arpa PTR bar.example.com'. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
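
The A/PTR sanity check described in the reply above, as an added example that is not part of the original post: it compares forward and reverse records and reports every name whose PTR is absent or points elsewhere. The records are constructed from the post's names and addresses (the `baz` host is invented), the helper names are assumptions, and only IPv4 `owner TYPE value` lines are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: foo's A record carries the fumble-fingered
# 10.10.100.10 from the post (it should be 10.10.100.1); baz has no PTR.
FORWARD = """
foo.example.com A 10.10.100.10
bar.example.com A 10.10.100.10
baz.example.com A 10.10.100.2
"""
REVERSE = """
1.100.10.10.in-addr.arpa  PTR foo.example.com
10.100.10.10.in-addr.arpa PTR bar.example.com
"""

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def parse(text, rtype):
    """Yield (owner, value) for each 'owner TYPE value' line of type rtype."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == rtype:
            yield norm(fields[0]), norm(fields[2])

def check(forward_text, reverse_text):
    """Return (kind, hostname, ptr_owner, names_found_at_ptr_owner) findings."""
    # Every A record implies one (in-addr.arpa owner, hostname) PTR pair.
    expected = {(ipaddress.ip_address(ip).reverse_pointer, name)
                for name, ip in parse(forward_text, "A")}
    actual = set(parse(reverse_text, "PTR"))
    ptr_by_owner = defaultdict(set)
    for owner, target in actual:
        ptr_by_owner[owner].add(target)
    findings = []
    for owner, name in sorted(expected - actual):
        others = sorted(ptr_by_owner[owner])
        kind = "ptr-mismatch" if others else "ptr-missing"
        findings.append((kind, name, owner, others))
    # PTRs that no A record backs: stale entries or the other half of a typo.
    for owner, target in sorted(actual - expected):
        findings.append(("ptr-without-a", target, owner, []))
    return findings

if __name__ == "__main__":
    for finding in check(FORWARD, REVERSE):
        print(finding)
```

The mistyped A record surfaces twice: as a `ptr-mismatch` at the address it wrongly claims and as a `ptr-without-a` at the address it should have had.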
