nanog mailing list archives
Re: Reverse DNS RFCs and Recommendations
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 5 Nov 2013 18:47:33 -0600
On Tue, Nov 5, 2013 at 6:00 PM, Masataka Ohta < mohta () necom830 hpcl titech ac jp> wrote:
Sander Steffann wrote:...You're linking things together that are completely orthogonal... You misunderstand very basic points on why forward and reverse DNS checking is useful.
Just to note... the main reason checking reverse DNS stays useful is that it is so hard to change in many cases.

Specifically: if a server at some IP address X is under the control of a spammer, and rDNS is not set up, or rDNS points to some dynamic-looking hostname, it will be difficult or not possible for the spammer to modify the RDNS of the IP address, in many cases; the RDNS is most often managed by the ISP. Or it may be in a DNS infrastructure running on separate networks, with separate access credentials.

If RDNS were easy to change, e.g. if you just needed to guess a password to the server, and get signing key information from a DHCP transaction, the spammer would just change it.

Delegating "Secure RDNS update" with prefix delegation may, in fact, make RDNS information so easy to publish that the spammers of the world can do it, after compromising a router or host on the victim network, and just "Registering the better hostname in the DNS". The update process may be "secure", but there are new attack vectors.

The value of even looking at RDNS, let alone worrying about Forward+Reverse DNS agreement/confirmation, may not translate well to IPv6.

--
-JH
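The forward+reverse agreement check discussed in this message, as an added example that is not part of the original post: it sorts a connecting address into missing PTR, PTR that does not forward-confirm, confirmed but dynamic-looking name, or confirmed. The token list, the function names and the sample zone data are assumptions made for the illustration.

```python
import ipaddress
import re
import socket

# Tokens treated as "dynamic-looking"; a heuristic assumed for this example.
DYNAMIC = re.compile(r"(^|[-.])(dyn|dynamic|dhcp|pool|dsl|ppp)([-.\d]|$)")

def system_ptr(ip):
    """PTR names for ip via the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def looks_dynamic(name, ip):
    """True if name embeds every IPv4 octet or carries a pool-style token."""
    digits = re.findall(r"\d+", name)
    embeds_ip = "." in ip and all(o in digits for o in ip.split("."))
    return embeds_ip or bool(DYNAMIC.search(name.lower()))

def classify_rdns(ip, ptr=system_ptr, forward=system_forward):
    """Return 'no_ptr', 'mismatch', 'dynamic_looking' or 'confirmed'."""
    addr = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no_ptr"
    # Keep only PTR names whose forward lookup returns the same address.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == addr for a in forward(n))]
    if not confirmed:
        return "mismatch"
    if all(looks_dynamic(n, ip) for n in confirmed):
        return "dynamic_looking"
    return "confirmed"

# Constructed sample zone data (documentation prefixes, made-up names).
PTR = {"192.0.2.10": ["mail.example.net"], "198.51.100.5": ["mx.example.org"],
       "192.0.2.77": ["77-2-0-192.dyn.example.net"]}
FWD = {"mail.example.net": ["192.0.2.10"], "mx.example.org": ["203.0.113.9"],
       "77-2-0-192.dyn.example.net": ["192.0.2.77"]}

def check_sample(ip):
    return classify_rdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

A "confirmed" result only says the two zones agree; it carries weight only to the extent that the reverse zone is controlled by someone other than the host being checked.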