From: spam+newsgroups@bde-arc.ampr.org   
      
   "Moe Trin" wrote in message   
   news:slrnmd2h57.nl4.ibuprofin@planck.phx.az.us...   
   On Tue, 3 Feb 2015, in the Usenet newsgroup comp.protocols.tcp-ip, in   
   article   
   , glen herrmannsfeldt wrote:   
      
   >A: Nobody uses it, and it is a waste of time to set up the servers.   
      
   A: Nobody uses it, and it is too HARD to set up the servers. ;-)   
      
   I've also seen people who avoid setting things up because it's a huge   
   security hole if you let people figure out host names... either that   
   or they make you the object of intense laughter/ridicule. I've also   
   seen a lot of setups where "dig -x 192.0.2.22" would return the answer   
   "22.2.0.192-in-addr.arpa" (PTR records obviously created by a perl or   
   shell script).   
      
   >C: Only hosts that make outgoing connections need DNS, don't waste   
   > the time otherwise.   
      
   man 5 hosts_access   
      
    PARANOID   
    Matches any host whose name does not match its address. When tcpd   
    is built with -DPARANOID (default mode), it drops requests from   
    such clients even before looking at the access control tables.   
    Build without -DPARANOID when you want more control over such   
    requests.   
      
   tcp_wrappers hasn't been maintained, and the last version released,   
   7.6, is dated 7 April, 1997. On the other hand, I think most SMTP   
   servers are also set to require matching DNS entries.   
      
   >E: Every host (and each port of multi-homed hosts) should have rDNS,   
   > but the network police won't arrest you for not doing it.   
      
   But therein lies the rub - I don't see where PTR records are a "MUST"   
   in the standards. RFC2050 was a "BEST CURRENT PRACTICE" document (and   
   section 5 of that document related to "In-ADDR.ARPA Domain Maintenance")   
   not an "INTERNET STANDARD" (or DRAFT or PROPOSED standard). Likewise,   
   RFC3172.   
      
   >F: Network administrators who don't configure reverse DNS should   
   > be shot.   
      
   Hmmmm.....   
   =================   
      
   If you want to send email, you better have it for your outbound mail   
   server(s). Not having it has its own SMTP denial error message code   
   (5.7.25). VOIP services also demand it.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
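
The name/address match that the quoted PARANOID entry and the SMTP "matching DNS entries" remark rely on, as an added example that is not part of the original post and not tcpd's own code: look up the PTR for the client address, resolve each returned name forward, and accept only if the original address comes back. The zone tables, host names and function names are constructed for illustration; `live_ptr` and `live_addr` are optional resolver-backed lookups that can be passed in instead of the tables.

```python
import ipaddress
import socket

# Constructed sample data (RFC 5737 documentation addresses), not real DNS.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.22": ["22.2.0.192-in-addr.arpa"],  # script-generated PTR, as in the post
    "192.0.2.30": ["www.example.org."],
}
FWD = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.99"],  # forward record points somewhere else
}

def table_ptr(ip):
    return PTR.get(ip, [])

def table_addr(name):
    return FWD.get(name, [])

def live_ptr(ip):
    """PTR lookup through the system resolver (needs network access)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return []
    return [host, *aliases]

def live_addr(name):
    """Forward lookup through the system resolver (needs network access)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0].split("%")[0] for info in infos]  # drop any IPv6 scope id

def fcrdns(ip, ptr_lookup=table_ptr, addr_lookup=table_addr):
    """Return (verdict, name): 'match', 'mismatch' or 'no-ptr'."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in addr_lookup(name)):
            return ("match", name)
    return ("mismatch", names[0])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.22", "192.0.2.30", "192.0.2.50"):
        print(ip, ipaddress.ip_address(ip).reverse_pointer, fcrdns(ip))
```

A script-generated PTR such as the one for 192.0.2.22 fails this check unless a matching forward record is published for the generated name.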