Firewall Wizards mailing list archives

multiple reverse PTRs and fqdn-based ACLs


From: ark () eltex ru
Date: Mon, 16 Dec 2002 14:55:05 +0300

nuqneH,

Looks like some tools designed to keep forward and reverse zones in sync
do create multiple reverse records. That was not widely accepted practice
for years (though an RFC stating that the situation should be handled correctly
has existed since 1997), and many fqdn-based acl implementations (including mine ;)
did not browse the alias list for possible matches. Even more, some dns caching
engines cache only one reverse record.

What do you think is the preferred behavior? Restrict PTRs to one reverse record
per IP only, or fix everything that is broken (and cause a significant
increase in DNS traffic volume)? I do both now ;-)

-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
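An added example, not code from the original post: an fqdn-based ACL check that walks every PTR record for an address and forward-confirms each name, alongside a switch that mimics implementations that look at one reverse record only. The DNS data is a constructed in-memory table with hypothetical names and addresses so it runs offline; the two lookup functions stand in for real resolver calls.

```python
from fnmatch import fnmatchcase
import ipaddress

# Constructed sample zone data (hypothetical names and RFC 5737 test addresses).
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.net.", "www.example.net."],  # several PTRs for one IP
    "192.0.2.20": ["host.example.org."],
    "192.0.2.30": ["admin.example.net."],  # PTR exists, but forward does not confirm it
}
A_RECORDS = {
    "mail.example.net.": ["192.0.2.10"],
    "www.example.net.": ["192.0.2.10"],
    "host.example.org.": ["192.0.2.20"],
    "admin.example.net.": ["198.51.100.5"],  # forward lookup points elsewhere
}


def lookup_ptr(ip):
    """Stand-in for a reverse (PTR) query; returns all names, in zone order."""
    return list(PTR_RECORDS.get(ip, []))


def lookup_a(name):
    """Stand-in for a forward (A) query."""
    return list(A_RECORDS.get(name, []))


def fcrdns_names(ip, first_only=False):
    """Forward-confirmed names for ip: each PTR name must resolve back to ip.

    first_only reproduces ACL code (or a cache) that keeps one reverse record
    and never browses the rest of the alias list.
    """
    ipaddress.ip_address(ip)  # reject malformed input early
    ptrs = lookup_ptr(ip)
    if first_only:
        ptrs = ptrs[:1]
    return [name for name in ptrs if ip in lookup_a(name)]


def acl_allows(ip, patterns, first_only=False):
    """True if any forward-confirmed name matches an ACL glob such as '*.example.net.'."""
    names = [n.lower() for n in fcrdns_names(ip, first_only)]
    return any(fnmatchcase(n, p.lower()) for n in names for p in patterns)
```

With `first_only=True` the second PTR of 192.0.2.10 is never seen, so an ACL entry for `www.example.net.` silently fails to match; the unconfirmed `admin.example.net.` is rejected in both modes.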