Date: Mon, 1 Nov 1999 22:24:52 -0600 (CST) From: Alec Kloss <ajk@paw-in-eye.net> To: papalia@UDel.Edu (John) Cc: ajk@paw-in-eye.net, freebsd-questions@FreeBSD.ORG Subject: Re: Reverse DNS lookup Message-ID: <199911020424.WAA06999@D2SI.COM> In-Reply-To: <4.1.19991101182721.0094a470@mail.udel.edu> from John at "Nov 1, 1999 6:32: 7 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
John said:
> That all makes a bunch more sense now. (it will take some time to
> understand, but it makes more sense =) ). Looking at the IP's that are
> giving me trouble, they seem to all fall into the same boat.
>
> One last question on the topic... does having users w/o reverse lookups
> present any security holes, or set up any situations what require
> additional configuration for services? I'm not sure how to narrow down the
> question any more than that.
I believe it is considered good Internet etiquette to have reverse addresses
for everything, but I do not believe there is any actual requirement.
I've been wrong before though. The two situations where not having a
reverse entry has been problematic for me are
1) sshd will use the reverse entry to look up the public key for a
connecting host to verify that the host is trustworthy.
2) spam-sensitive mail servers (like hub.freebsd.org) are not
forgiving and do not send mail if they can't resolve the
address.
These two reasons by themselves are enough for me to be sure I have
working reverse lookups working, although I've never made them a
I'll-stay-up-all-night-until-it-works kind of priority.
> Thanks again!!!
No problem.
> --John
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911020424.WAA06999>