[166548] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Reverse DNS RFCs and Recommendations

daemon@ATHENA.MIT.EDU (Andrew Sullivan)
Wed Oct 30 13:21:55 2013

Date: Wed, 30 Oct 2013 13:21:37 -0400
From: Andrew Sullivan <asullivan@dyn.com>
To: nanog@nanog.org
In-Reply-To: <alpine.DEB.2.02.1310301812230.1838@uplift.swm.pp.se>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Oct 30, 2013 at 06:13:35PM +0100, Mikael Abrahamsson wrote:
> The classic TCP wrapper had this as one of the security features

I would agree with that if you'd put scare-quotes around the word
"security".  In general anyone depending on the reverse tree to
provide them any kind of security is engaged in wishful thinking,
particularly if the lookup isn't validated with DNSSEC.  (But yes,
that's waht the TCP wrappers package was supposed to be doing.)

A 

-- 
Andrew Sullivan
Dyn, Inc.
asullivan@dyn.com
v: +1 603 663 0448


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[166548] in North American Network Operators' Group

Re: Reverse DNS RFCs and Recommendations

daemon@ATHENA.MIT.EDU (Andrew Sullivan)Wed Oct 30 13:21:55 2013

daemon@ATHENA.MIT.EDU (Andrew Sullivan)
Wed Oct 30 13:21:55 2013