[166547] in North American Network Operators' Group


Re: Reverse DNS RFCs and Recommendations

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Wed Oct 30 13:14:13 2013

Date: Wed, 30 Oct 2013 18:13:35 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Andrew Sullivan <asullivan@dyn.com>
In-Reply-To: <20131030165536.GC525@dyn.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, 30 Oct 2013, Andrew Sullivan wrote:

> On Wed, Oct 30, 2013 at 04:24:42PM +0000, Nick Hilliard wrote:
>> the only thing that's important is that forward and reverse DNS matches.
>
> As I think I've said before on this list, when we tried to get
> consensus on that claim in the DNSOP WG at the IETF, we couldn't.
> Indeed, we couldn't even get consensus on the much more bland
> statement, "Some people rely on the reverse, and you might want to
> take that into consideration when running your services."

The classic TCP wrapper had this as one of the security features: if 
reverse said something and this couldn't be verified by doing a forward 
lookup, the reverse was treated as invalid and not used for name-based 
policies.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
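
The check described in the message above, sketched as an added example that is not part of the original post and is not TCP wrappers' own code: a PTR name is used for a name-based rule only when a forward lookup of that name returns the connecting address. The function names and the sample zone data are hypothetical; the resolver functions are injectable so the logic runs offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verified_client_name(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if its forward lookup contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return None                      # no PTR: nothing to base a name policy on
    name = name.rstrip(".").lower()
    for candidate in forward(name):
        try:
            # Compare parsed addresses so IPv6 spellings and zone ids do not matter.
            if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                return name
        except ValueError:
            continue
    return None                          # PTR not confirmed: treat as if absent

def name_policy_allows(ip, suffix, reverse=system_reverse, forward=system_forward):
    """Name-based rule: allow only clients with a verified name under suffix."""
    name = verified_client_name(ip, reverse, forward)
    suffix = suffix.lstrip(".").lower()
    return name is not None and (name == suffix or name.endswith("." + suffix))

# Constructed sample zone data (documentation address ranges, example names).
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.net.",
    "192.0.2.66": "mail.example.net.",   # PTR set by whoever controls this reverse zone
    "2001:db8::1": "MX.Example.NET.",
}
SAMPLE_A = {
    "mail.example.net": {"192.0.2.10"},
    "mx.example.net": {"2001:0db8:0:0:0:0:0:1"},
}
sample_reverse = SAMPLE_PTR.get
sample_forward = lambda name: SAMPLE_A.get(name, set())
```

With the sample data, 192.0.2.66 carries the same PTR as 192.0.2.10 but fails the forward check, so a rule for `.example.net` does not match it.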

