From owner-freebsd-questions Mon Nov 1 20:25: 1 1999 Delivered-To: freebsd-questions@freebsd.org Received: from D2SI.COM (D2SI.COM [63.224.10.2]) by hub.freebsd.org (Postfix) with ESMTP id 406B614BC7 for ; Mon, 1 Nov 1999 20:24:54 -0800 (PST) (envelope-from ajk@paw-in-eye.net) Received: (from ajk@localhost) by D2SI.COM (8.9.3/8.9.3) id WAA06999; Mon, 1 Nov 1999 22:24:52 -0600 (CST) (envelope-from ajk) From: Alec Kloss Message-Id: <199911020424.WAA06999@D2SI.COM> Subject: Re: Reverse DNS lookup In-Reply-To: <4.1.19991101182721.0094a470@mail.udel.edu> from John at "Nov 1, 1999 6:32: 7 pm" To: papalia@UDel.Edu (John) Date: Mon, 1 Nov 1999 22:24:52 -0600 (CST) Cc: ajk@paw-in-eye.net, freebsd-questions@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John said: > That all makes a bunch more sense now. (it will take some time to > understand, but it makes more sense =) ). Looking at the IP's that are > giving me trouble, they seem to all fall into the same boat. > > One last question on the topic... does having users w/o reverse lookups > present any security holes, or set up any situations what require > additional configuration for services? I'm not sure how to narrow down the > question any more than that. I believe it is considered good Internet etiquette to have reverse addresses for everything, but I do not believe there is any actual requirement. I've been wrong before though. The two situations where not having a reverse entry has been problematic for me are 1) sshd will use the reverse entry to look up the public key for a connecting host to verify that the host is trustworthy. 2) spam-sensitive mail servers (like hub.freebsd.org) are not forgiving and do not send mail if they can't resolve the address. These two reasons by themselves are enough for me to be sure I have working reverse lookups working, although I've never made them a I'll-stay-up-all-night-until-it-works kind of priority. > Thanks again!!! No problem. > --John > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message