Full Disclosure mailing list archives

Re: Reverse dns

From: Duo <duo () digitalarcadia net>
Date: Thu, 10 Mar 2005 10:39:38 -0600 (CST)

RFC 2821.

It dosent, AFAIK, use any harsh requirements. But:

3.6 Domains

   Only resolvable, fully-qualified, domain names (FQDNs) are permitted
   when domain names are used in SMTP.  In other words, names that can
   be resolved to MX RRs or A RRs (as discussed in section 5) are
   permitted, as are CNAME RRs whose targets can be resolved, in turn,
   to MX or A RRs.  Local nicknames or unqualified names MUST NOT be
   used.

Strictly speaking, this may or may not help you. It would help if youwould describe the scenario/situation you are in. I could comment further,but without a bit more specific information, I dont feel I can commentproperly.

There are situations where its encouraged, required, or discouraged andnot wise. It's kind of hard to keep opinion out of it. Sendmail, as we allhave encountered from time to time, can be a bit more alechemy than actualscience. At least before the evolution of postfix.

You mention mail, but you also mention tcpdump. Again, id like tore-iterate, its difficult to give you an answer, without more detail as towhat it is you are trying to accomlish.


Just my $0.02. =)

Duo.

On Thu, 10 Mar 2005, Paul Schmehl wrote:

Is there an RFC *requirement* for reverse dns?
I've been looking through the RFCs and I can't find it. Some folks thinkreverse dns should be completely disabled. I know for sure that this willbreak email, because many mail servers won't talk to a server that doesn'treverse. Tcpdump also doesn't like hosts that won't reverse.
What I'm looking for is a standard (RFC) that states that enabling reverselookups is *required* or reverse lookups are *optional*. If they'reoptional, then reverse could be disabled for most hosts.
I'm also looking for a list of things that *break* when you disable reverse(e.g. mail).
RULES FOR RESPONDING:
1) "Reverse is a good thing" is not an answer. Neither is "Reverse is a badthing".
2) Opinions are not useful -  stick to facts only - chapter and verse please.
3) All replies to the list please - others will find this useful as well.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Current thread:

Reverse dns Paul Schmehl (Mar 10)
- Re: Reverse dns Vincent Archer (Mar 10)
  - Re: Reverse dns Paul Schmehl (Mar 10)
- Re: Reverse dns Duo (Mar 10)
  - Re: Reverse dns Paul Schmehl (Mar 10)
    - Re: Reverse dns Duo (Mar 10)
    - Re: Reverse dns Danny (Mar 10)
    - Re: Reverse dns (whether you want it or not) TheGesus (Mar 10)
    - RE: Re: Reverse dns (whether you want it or not) Edward Ray (Mar 11)
    - Re: Reverse dns (whether you want it or not) Dave Korn (Mar 11)
    - Re: Re: Reverse dns (whether you want it or not) Danny (Mar 11)
    - Re: Reverse dns Valdis . Kletnieks (Mar 11)
    - Re: Reverse dns Simon Biles (Mar 11)
- Re: Reverse dns Danny (Mar 10)

(Thread continues...)