lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <42307F77.60308@bitdefender.com>
From: azlate at bitdefender.com (Andrei Zlate-Podani)
Subject: Reverse dns

Paul Schmehl wrote:

> Is there an RFC *requirement* for reverse dns?

RFC 1035 doesn't state that IN-ADDR.ARPA lookups are optional.
<snip>

3.5. IN-ADDR.ARPA domain

The Internet uses a special domain to support gateway location and
Internet address to host mapping.  Other classes may employ a similar
strategy in other domains.  The intent of this domain is to provide a
guaranteed method to perform host address to host name mapping, and to
facilitate queries to locate all gateways on a particular network in the
Internet.

</snip>

>
> I've been looking through the RFCs and I can't find it.  Some folks 
> think reverse dns should be completely disabled.  I know for sure that 
> this will break email, because many mail servers won't talk to a 
> server that doesn't reverse.  Tcpdump also doesn't like hosts that 
> won't reverse.
>
> What I'm looking for is a standard (RFC) that states that enabling 
> reverse lookups is *required* or reverse lookups are *optional*.  If 
> they're optional, then reverse could be disabled for most hosts.
>
> I'm also looking for a list of things that *break* when you disable 
> reverse (e.g. mail).

I would say that reverse dns lookup is at most as "harmful" as normal 
lookup. It makes a lot of tools more user-friendly.
Even trace route uses this technique to display the names of the 
internet gateways.

>
> RULES FOR RESPONDING:
> 1) "Reverse is a good thing" is not an answer.  Neither is "Reverse is 
> a bad thing".
> 2) Opinions are not useful -  stick to facts only - chapter and verse 
> please.
> 3) All replies to the list please - others will find this useful as well.
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
>
>


-- 
Ignorance more frequently begets confidence than does knowledge.
--- Charles Darwin



-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://linux.bitdefender.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ