Reverse DNS RFCs and Recommendations

• Previous message (by thread): Reverse DNS RFCs and Recommendations
• Next message (by thread): Reverse DNS RFCs and Recommendations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Sullivan wrote:

>> The classic TCP wrapper had this as one of the security features
> 
> I would agree with that if you'd put scare-quotes around the word
> "security".  In general anyone depending on the reverse tree to
> provide them any kind of security is engaged in wishful thinking,

No, it's you who have wishful thinking.

> particularly if the lookup isn't validated with DNSSEC.

As is discussed recently in IETF main and dns MLs, Lack of
secure time in most environment makes DNSSEC insecure.

Legal enforcement on zone administrators makes related zones
insecure.

For most users, security by plain DNS with reverse look up is
fine.

						Masataka Ohta

• Previous message (by thread): Reverse DNS RFCs and Recommendations
• Next message (by thread): Reverse DNS RFCs and Recommendations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]