North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: the value of reverse address lookups?
Douglas F. Calvert wrote: On Wed, 2004-03-31 at 19:59, Stephen J. Wilcox wrote:I am interested in both cases smtp and other services. Syr.edu onlyOn Wed, 31 Mar 2004, Douglas F. Calvert wrote:Well, my understanding is that whilst its easy to get a domain name and some dnsI am interested in finding out what the motivation is for requiring valid reverse address lookups before connecting to a daemon. I have heard a number of different explanations, the majority of the responses point to history/tradition and tcpwrappers. Is there a commonly accepted justification for this practice? In my opinion it does not appear to increase the validity of the connection. But I may be missing something obvious. Thanks in advance... Speaking for myself only, and for the groups that I used to manage at the time I managed them... There is a concept of a Complete Job in doing something. In the case of exposing a machine to a larger community, that Complete Job includes (but is not limited to) such things as insuring that machine is physically up to its assigned task, that its Operating system is appropriate and at the appropriate patch level, that the software is appropriate for the assignment, and properly configured, that the installation is physically and operationally secure, and that all of the paperwork (including virtual paperwork like domain registrations and DNS minutia) is in order. If you are an outsider looking in at one of my installations, that last one is the only one you can readily look at to see if you think I am worthy of your trust. -- Requiescas in pace o email
|