Security Basics mailing list archives

RE: DNS PTR record


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 3 Mar 2009 12:05:56 -0800

  We have an email server here which expects to receive inbound email 
at one IP address and originate outbound email from an adjacent address.
Apparently this configuration, while it surprises people who hope to
use rDNS to detect spam, is not at all unusual amongst real-world email
deployments.

David Gillett
 

-----Original Message-----
From: Ronald van der Westen [mailto:rvdwesten () gmail com] 
Sent: Monday, March 02, 2009 9:47 PM
To: Abo Sous
Cc: security-basics () securityfocus com
Subject: Re: DNS PTR record

Hi,

What are you trying to achieve with this?
It looks like there is a PTR record for the y.y.y.231 which 
points to mail.domain.com.
And mail.domain.com points to y.y.y.230, are you sure there 
are not multiple A-records for mail.domain.com?
Where does the PTR for .230 point to?

What did you expect to happen?

This is probably the result of not cleaning old records, or 
just a wrong configuration, nothing special, quite common ;-)

-Ronald

On Sat, Feb 28, 2009 at 4:31 PM, Abo Sous <abussous () gmail com> wrote:
Hi List,

I am digging a mail server and a router on my domain; I get the
following results:

1- the dig domain.com MX gives me:
;; QUESTION SECTION:
;domain.com                   IN      MX
;; ANSWER SECTION:
domain.com.             20778 IN      MX      10 mail.domain.com.
;; ADDITIONAL SECTION:
mail.domain.com.        20778 IN      A       y.y.y.230

2- the dig -x y.y.y.231 (the router) gives me:
;; QUESTION SECTION:
;231.y.y.y.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
231.y.y.y.in-addr.arpa. 21495 IN        PTR     mail.domain.com.

Obviously, the output from step number 2 is wrong.

My question is: where could this error possibly lead to?
What are the vulnerabilities / security issues that might arise from this?

Thanks in advance,

-A/S




--
Ronald van der Westen
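
Added example, not part of the original messages: a forward-confirmed reverse DNS (FCrDNS) check of the kind a receiving mail server might apply, run over constructed records that mirror the thread. The 192.0.2.x addresses stand in for y.y.y.x, and the names `fcrdns`, `audit` and the record dictionaries are assumptions for illustration; the two-A-record variant is hypothetical and follows the question about multiple A records.

```python
import ipaddress

def fcrdns(ip, ptr, a):
    """Forward-confirmed reverse DNS: PTR(ip) -> name, then A(name) must contain ip."""
    addr = ipaddress.ip_address(ip)
    rname = addr.reverse_pointer + "."            # e.g. 231.2.0.192.in-addr.arpa.
    names = [n.lower() for n in ptr.get(rname, [])]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(x) for x in a.get(n, [])}]
    return ("confirmed", confirmed) if confirmed else ("mismatch", names)

# Constructed records mirroring the thread (192.0.2.x is a stand-in for y.y.y.x).
# No PTR for .230 is included because the thread never shows one.
PTR_AS_POSTED = {"231.2.0.192.in-addr.arpa.": ["mail.domain.com."]}
A_AS_POSTED = {"mail.domain.com.": ["192.0.2.230"]}

# Hypothetical variant: the name has two A records, so the PTR on the
# adjacent (outbound) address is forward-confirmed.
A_TWO_RECORDS = {"mail.domain.com.": ["192.0.2.230", "192.0.2.231"]}

def audit(ips, ptr, a):
    """Return the FCrDNS status for each address in ips."""
    return {ip: fcrdns(ip, ptr, a)[0] for ip in ips}

if __name__ == "__main__":
    hosts = ["192.0.2.230", "192.0.2.231"]
    print("as posted:    ", audit(hosts, PTR_AS_POSTED, A_AS_POSTED))
    print("two A records:", audit(hosts, PTR_AS_POSTED, A_TWO_RECORDS))
```

With the records as posted, the .231 address returns "mismatch", which is the condition rDNS-based spam filters penalize if mail is ever sent from that address.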


