Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS

• From: Adam McKenna
• Date: Tue May 15 06:14:40 2001

On Mon, May 14, 2001 at 05:27:09PM -0400, Christopher A. Woodfield wrote:
> 
> I didn't intend to imply that matching forward/reverse DNS was a security 
> measure I'd trust by itself, but it certainly doesn't hurt to implement as 
> a "outer perimeter" measure in conjunction with IP-based rules and 
> secure authentication...

It does hurt.  It causes non-obvious problems.  Forcing hostnames and PTR's
to match (commonly referred to as PARANOID checking) does not provide extra
security, it just prevents people with badly configured DNS from accessing
your servers.

--Adam

• Follow-Ups:
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Valdis.Kletnieks

• References:
  • RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Roeland Meyer
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna
  • Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield

• Prev by Date: Re: How many routed hops would be considered too many to leave an AS
• Next by Date: RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Date Index
• Thread Index
• Author Index
• Historical