
   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   


   Message 14,144 of 14,669   
   Moe Trin to glen herrmannsfeldt   
   Re: Reverse DNS optional?   
   03 Feb 15 21:58:29   
   
   From: ibuprofin@painkiller.example.tld.invalid   
      
   On Tue, 3 Feb 2015, in the Usenet newsgroup comp.protocols.tcp-ip, in article   
   , glen herrmannsfeldt wrote:   
      
   >A: Nobody uses it, and it is a waste of time to set up the servers.   
      
    A: Nobody uses it, and it is too HARD to set up the servers.   ;-)   
      
   I've also seen people who avoid setting things up because it's a huge   
   security hole if you let people figure out host names...   either that   
   or they make you the object of intense laughter/ridicule.   I've also   
   seen a lot of setups where "dig -x 192.0.2.22" would return the answer   
   "22.2.0.192-in-addr.arpa" (PTR records obviously created by a perl or   
   shell script).   
      
   >C: Only hosts that make outgoing connections need DNS, don't waste   
   >   the time otherwise.   
      
   man 5 hosts_access   
      
      PARANOID   
        Matches any host whose name does not match its address.  When tcpd   
        is  built  with  -DPARANOID (default mode), it drops requests from   
        such clients even before looking at  the  access  control  tables.   
        Build  without  -DPARANOID  when  you  want more control over such   
        requests.   
      
   tcp_wrappers hasn't been maintained, and the last version released was   
   7.6, dated 7 April, 1997.   On the other hand, I think most SMTP   
   servers are also set to require matching DNS entries.   
      
   >E: Every host (and each port of multi-homed hosts) should have rDNS,   
   >   but the network police won't arrest you for not doing it.   
      
   But therein lies the rub - I don't see where PTR records are a "MUST"   
   in the standards.   RFC2050 was a "BEST CURRENT PRACTICE" document (and   
   section 5 of that document related to "In-ADDR.ARPA Domain Maintenance")   
   not an "INTERNET STANDARD" (or DRAFT or PROPOSED standard).   Likewise,   
   RFC3172.   
      
   >F: Network administrators who don't configure reverse DNS should   
   >   be shot.   
      
   Hmmmm.....   
      
           Old guy   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
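
The name/address comparison that the quoted PARANOID entry describes, written as a forward-confirmed reverse DNS check. This is an added example, not part of the original post and not tcp_wrappers code; the function names, verdict strings and zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(addr):
    """PTR lookup via the system resolver; [] when no name is returned."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A/AAAA lookup via the system resolver; [] on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def paranoid_check(addr, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name); verdict is 'match', 'mismatch' or 'no-ptr'."""
    ip = ipaddress.ip_address(addr)
    names = reverse(addr)
    if not names:
        return ("no-ptr", None)  # nothing to compare against
    for name in names:
        for a in forward(name):
            try:
                if ipaddress.ip_address(a) == ip:
                    return ("match", name)
            except ValueError:
                continue  # resolver returned something that is not an address
    return ("mismatch", names[0])  # name does not match address

# Constructed sample zone data (RFC 5737 documentation addresses).
PTR = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.22": ["22.2.0.192-in-addr.arpa"],  # script-generated PTR from the post
    "192.0.2.30": ["www.example.net"],
}
A = {
    "mail.example.net": ["192.0.2.10"],
    "www.example.net": ["192.0.2.99"],  # forward record points elsewhere
}

def demo():
    rev, fwd = (lambda a: PTR.get(a, [])), (lambda n: A.get(n, []))
    return {h: paranoid_check(h, rev, fwd) for h in list(PTR) + ["192.0.2.40"]}

if __name__ == "__main__":
    print(demo())
```

A script-generated PTR with no forward record for the generated name comes out as a mismatch, the same as a PTR whose forward record points at a different address.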
