Firewall Wizards mailing list archives
multiple reverse PTRs and fqdn-based ACLs
From: ark () eltex ru
Date: Mon, 16 Dec 2002 14:55:05 +0300
nuqneH,

Looks like some tools designed to keep forward and reverse zones in sync do create multiple reverse records. That was not widely accepted practice for years (though an RFC stating that the situation should be handled correctly has existed since 1997), and many fqdn-based ACL implementations (including mine ;) did not browse the alias list for possible matches. Even more, some DNS caching engines cache one reverse record only.

What do you think is the preferred behavior? Restrict PTRs to one reverse record per IP only, or fix everything that is broken (and cause a significant increase in DNS traffic volume)? I do both now ;-)

--
/Arkan#iD
Do I believe in the Bible? Hell, man, I've seen one!
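The following is an added example, not code from the post or from any of the ACL implementations it mentions. It shows the difference between an fqdn-based ACL that consults only the first reverse record of an address and one that walks every PTR target, and it also forward-confirms each name (looks the name up again and requires the original address among the answers), which is the check a defender wants before trusting a reverse record at all. DNS is replaced by a constructed in-memory table (`RESOLVER`), so it runs offline; all hostnames, addresses and the ACL pattern are made-up sample data.

```python
"""FQDN-based ACL matching against every PTR record of an address.

Added example, not code from the original post. It uses a constructed
in-memory resolver (the RESOLVER table below) instead of real DNS so it
runs offline; the hostnames and addresses are made-up sample data.
"""
import fnmatch
import ipaddress

# Constructed sample zone data: one address with two PTR records (as tools
# that keep forward and reverse zones in sync may produce), and one whose
# PTR target does not resolve back to it (a name anyone could place in a
# reverse zone they control).
RESOLVER = {
    # reverse lookups: address -> list of PTR targets
    "ptr": {
        "192.0.2.10": ["www.example.net.", "mail.example.net."],
        "192.0.2.20": ["admin.example.net."],  # forward zone does not confirm this
    },
    # forward lookups: name -> list of A records
    "a": {
        "www.example.net.": ["192.0.2.10"],
        "mail.example.net.": ["192.0.2.10"],
        "admin.example.net.": ["198.51.100.7"],
    },
}


def lookup_ptr(ip: str) -> list[str]:
    """All PTR targets for ip. A caching engine that keeps only one record
    would effectively return just names[0] here."""
    return list(RESOLVER["ptr"].get(ip, []))


def lookup_a(name: str) -> list[str]:
    """All A records for a (fully qualified, dot-terminated) name."""
    return list(RESOLVER["a"].get(name, []))


def confirmed_names(ip: str) -> list[str]:
    """PTR targets whose forward lookup contains ip again
    (forward-confirmed reverse DNS); unconfirmed names are dropped."""
    ipaddress.ip_address(ip)  # reject junk before it reaches the resolver
    return [name for name in lookup_ptr(ip) if ip in lookup_a(name)]


def acl_match_first_only(ip: str, patterns: list[str]) -> bool:
    """The behaviour the post describes: only the first reverse record is
    consulted, and it is not forward-confirmed."""
    names = lookup_ptr(ip)
    return bool(names) and any(fnmatch.fnmatchcase(names[0], p) for p in patterns)


def acl_match_all(ip: str, patterns: list[str]) -> bool:
    """Walk every forward-confirmed PTR target; one match is enough to permit."""
    return any(
        fnmatch.fnmatchcase(name, p)
        for name in confirmed_names(ip)
        for p in patterns
    )


# Constructed ACL rule: permit only hosts named mail.<something>.net
ACL = ["mail.*.net."]

if __name__ == "__main__":
    for ip in RESOLVER["ptr"]:
        print(ip, "first-only:", acl_match_first_only(ip, ACL),
              "all:", acl_match_all(ip, ACL))
```

With the sample data, 192.0.2.10 is denied by the first-record-only check (its first PTR is `www.example.net.`) but permitted by the full walk, which is exactly the mismatch the post complains about; 192.0.2.20 would be permitted by a rule on `admin.*` under the naive check even though its PTR is not confirmed by the forward zone, and is denied once forward confirmation is required.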