To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS

• Previous message (by thread): To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Next message (by thread): To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 14, 2001 at 05:27:09PM -0400, Christopher A. Woodfield wrote:
> 
> I didn't intend to imply that matching forward/reverse DNS was a security 
> measure I'd trust by itself, but it certainly doesn't hurt to implement as 
> a "outer perimeter" measure in conjunction with IP-based rules and 
> secure authentication...

It does hurt.  It causes non-obvious problems.  Forcing hostnames and PTR's
to match (commonly referred to as PARANOID checking) does not provide extra
security, it just prevents people with badly configured DNS from accessing
your servers.

--Adam

• Previous message (by thread): To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Next message (by thread): To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]