nanog mailing list archives
Re: Reverse DNS RFCs and Recommendations
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Thu, 31 Oct 2013 07:42:44 +0900
Andrew Sullivan wrote:
The classic TCP wrapper had this as one of the security featuresI would agree with that if you'd put scare-quotes around the word "security". In general anyone depending on the reverse tree to provide them any kind of security is engaged in wishful thinking,
No, it's you who have wishful thinking.
particularly if the lookup isn't validated with DNSSEC.
As is discussed recently in IETF main and dns MLs, Lack of
secure time in most environment makes DNSSEC insecure.
Legal enforcement on zone administrators makes related zones
insecure.
For most users, security by plain DNS with reverse look up is
fine.
Masataka Ohta
Current thread:
- Reverse DNS RFCs and Recommendations Nolan Rollo (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Nick Hilliard (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Andrew Sullivan (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Mikael Abrahamsson (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Andrew Sullivan (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Valdis . Kletnieks (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Masataka Ohta (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Andrew Sullivan (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Nick Hilliard (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Leo Bicknell (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Andrew Sullivan (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Dave Crocker (Oct 31)
- Re: Reverse DNS RFCs and Recommendations Tim Franklin (Oct 30)
- Re: Reverse DNS RFCs and Recommendations Andrew Sullivan (Oct 30)