Message-ID: <9D018FFD79A2316AC02DE86C@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Reverse dns
--On Thursday, March 10, 2005 12:11:54 PM -0500 Valdis.Kletnieks@...edu
wrote:
> On Thu, 10 Mar 2005 09:57:57 CST, Paul Schmehl said:
>
>> I've been looking through the RFCs and I can't find it. Some folks
>> think reverse dns should be completely disabled. I know for sure that
>> this will break email, because many mail servers won't talk to a server
>> that doesn't reverse. Tcpdump also doesn't like hosts that won't
>> reverse.
>
> "tcpdump -n" is your friend. :)
>
{{sheesh}} I *meant* tcpwrappers. You're the second guy that's pointed out
that switch for tcpdump, and I was sitting here, scratching my head,
wondering why in the h you were bringing it up. I see now it's because the
wires between my brain and the keyboard were crossed.

Now that we've resolved that, here are my arguments, based on the helpful
input from the list:

1) Reversing internet-facing hosts is required by RFC 1912.
2) Ignoring an RFC should only be done for an extremely compelling reason.
3) Rather than hiding hostnames (which is a trivial security gain anyway)
we should *move* hosts to private space unless their owners can provide a
compelling reason for needing an internet-resolvable address.

Do I win? I think so. :-)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu