From owner-freebsd-questions Thu Nov 22 2:52:46 2001
From: "Toomas Aas"
Organization: Tartu City Government
To: freebsd-questions@freebsd.org
Date: Thu, 22 Nov 2001 12:51:59 +0200
Subject: somewhat ot: reverse dns
Message-Id: <200111221052.fAMAqfe24889@lv.raad.tartu.ee>

Hello!

I apologize for bringing more noise to an already noisy list, but I need some generic advice on usage of reverse DNS and my googling doesn't turn up anything useful. I thought this list is likely to have people on it who are at least able to point me in the right direction. Please reply directly to me.

The whole issue is more 'political' than technical. To put it concisely: is there any justification for requiring the IPs that try to access one of my web servers to have reverse DNS defined?

Now for more details. One of the servers we are using to serve our web content is a Lotus Domino server running on Windows NT, situated inside our firewall. The thing is set up so that requests to port 80 on the firewall are forwarded to the internal NT/Domino server. Since I thought this would provide some minuscule amount of additional security, I set up the firewall so that requests are not forwarded if they come from an IP address that does not have reverse DNS defined.

Now some guy who doesn't have reverse DNS defined contacted me and said that 'this kind of behaviour just is not acceptable'. Well, I think it is perfectly acceptable, but I would like to find some documentation to back up my opinion (that is, if my opinion *is* correct to some measurable extent). Is it defined somewhere in RFCs or other widely accepted standards that one *should* have reverse DNS?

TIA,
--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Be sure to use DEVICE=EXXON to screw up your environment.
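
Added example, not part of the original message: a sketch of what a "reverse DNS defined" test on a client address can actually establish, separating three cases: no PTR record, a PTR whose name does not resolve back to the address, and a forward-confirmed PTR. The function names, the injectable resolver hooks, and the sample addresses (documentation ranges) and host names are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_addrs(name):
    """Forward lookup through the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (reverse_name, verdict) for a client address.

    verdict is 'no-ptr', 'ptr-only' (a PTR exists but its name does not
    map back to the address) or 'confirmed' (forward-confirmed PTR).
    """
    addr = ipaddress.ip_address(ip)
    reverse_name = addr.reverse_pointer      # name the PTR query is sent for
    names = ptr_lookup(str(addr))
    if not names:
        return reverse_name, "no-ptr"
    for name in names:
        if str(addr) in addr_lookup(name.rstrip(".")):
            return reverse_name, "confirmed"
    return reverse_name, "ptr-only"

# Constructed sample zone data: documentation addresses, hypothetical names.
SAMPLE_PTR = {"192.0.2.10": ["www.example.org."],
              "198.51.100.7": ["trusted.example.com."]}
SAMPLE_A = {"www.example.org": {"192.0.2.10"},
            "trusted.example.com": {"203.0.113.99"}}

def demo():
    """Classify three constructed clients without touching the network."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, set())
    clients = ("192.0.2.10", "198.51.100.7", "203.0.113.5")
    return {ip: classify(ip, ptr, fwd) for ip in clients}

if __name__ == "__main__":
    for ip, (rname, verdict) in demo().items():
        print(f"{ip:15} {rname:28} {verdict}")
```

A rule that only tests for the presence of a PTR record treats 'ptr-only' and 'confirmed' alike, even though the PTR content is published by whoever operates the reverse zone for that address block.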