Full Disclosure mailing list archives

Re: Reverse dns


From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 10 Mar 2005 11:30:51 -0600

--On Thursday, March 10, 2005 10:39:38 AM -0600 Duo <duo () digitalarcadia net> wrote:

> Strictly speaking, this may or may not help you. It would help if you
> would describe the scenario/situation you are in. I could comment
> further, but without a bit more specific information, I don't feel I can
> comment properly.

I'd prefer not to give details. I'll give you this much. We're having a philosophical disagreement about the value of disallowing reverse dns for hosts on our network. It's the ancient security by obscurity discussion.

My concern is that we should not disable dns when (or if) it's required. Obviously we would not disable it for the MX hosts, but I'm unclear what (if anything) the RFC requirements are. Absent any requirements, there's no cogent argument for *not* doing it, with the aforementioned exceptions.

Hopefully that clarifies it a bit.

Some questions that come to mind - what, if anything, is the consequence of disabling reverse lookups for your NS servers? For web servers? For other services? For workstations? Etc., etc.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

