Full Disclosure mailing list archives

Re: Reverse dns


From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 10 Mar 2005 13:37:07 -0600

--On Thursday, March 10, 2005 12:11:54 PM -0500 Valdis.Kletnieks () vt edu wrote:

> On Thu, 10 Mar 2005 09:57:57 CST, Paul Schmehl said:
>
>> I've been looking through the RFCs and I can't find it. Some folks
>> think reverse dns should be completely disabled. I know for sure that
>> this will break email, because many mail servers won't talk to a server
>> that doesn't reverse. Tcpdump also doesn't like hosts that won't
>> reverse.
>
> "tcpdump -n" is your friend. :)

{{sheesh}} I *meant* tcpwrappers. You're the second guy that's pointed out that switch for tcpdump, and I was sitting here, scratching my head, wondering why in the h you were bringing it up. I see now it's because the wires between my brain and the keyboard were crossed.

Now that we've resolved that, here are my arguments, based on the helpful input from the list:

1) reversing internet facing hosts is required by RFC 1912.

2) Ignoring an RFC should only be done for an extremely compelling reason.

3) Rather than hiding hostnames (which is a trivial security gain anyway), we should *move* hosts to private space unless their owners can provide a compelling reason for needing an internet-resolvable address.

Do I win?  I think so. :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

