lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 10 Sep 2007 13:06:10 -0400
From:	Valdis.Kletnieks@...edu
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	Sami Farin <safari-kernel@...ari.iki.fi>,
	linux-kernel@...r.kernel.org
Subject: Re: Broken mail setup

On Mon, 10 Sep 2007 14:39:34 BST, Alan Cox said:
> On Mon, 10 Sep 2007 16:20:42 +0300
> Sami Farin <safari-kernel@...ari.iki.fi> wrote:
> 
> > On Mon, Sep 10, 2007 at 13:59:12 +0100, Alan Cox wrote:
> > > Will RMK (rmk@....linux.org.uk) please fix his email setup otherwise I
> > > can't send serial/tty/arm stuff to him.
> > > 
> > > "<<< 550 You have no reverse DNS; please try again when you have resolved
> > 
> > Well, outpipe-village-512-1.bc.nu is NXDOMAIN.
> > It should have A record 81.2.110.250.
> 
> I've yet to see a specification which requires this.

RFC1912 is admittedly "Informational" status. However, it *does* say:

2.1 Inconsistent, Missing, or Bad Data

   Every Internet-reachable host should have a name.  The consequences
   of this are becoming more and more obvious.  Many services available
   on the Internet will not talk to you if you aren't correctly
   registered in the DNS.

   Make sure your PTR and A records match.  For every IP address, there
   should be a matching PTR record in the in-addr.arpa domain.  If a
   host is multi-homed, (more than one IP address) make sure that all IP
   addresses have a corresponding PTR record (not just the first one).
   Failure to have matching PTR and A records can cause loss of Internet
   services similar to not being registered in the DNS at all.  Also,
   PTR records must point back to a valid A record, not a alias defined
   by a CNAME.  It is highly recommended that you use some software
   which automates this checking, or generate your DNS data from a
   database which automatically creates consistent data.

That advice came out in Feb 1996.  You're being bit by the 3rd sentence.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ