In message <1330508848.24108.140661042811...@webmail.messagingengine.com>, nudge writes:
> A thought regarding the pros and cons of DNSSEC that I don't recall
> being mentioned.

There are a whole set of things you can do once you have secure DNS.
You just have to use your imagination. This one has always been
blindingly obvious.

> Was reverse-dns verification introduced in response to a lack of
> confidence in forward-dns? This can cause much frustration, especially
> in smaller environments. If the implementation of DNSSEC allowed us to
> avoid using reverse-dns then perhaps that could be beneficial to many.

Not accepting SMTP from machines without a reverse DNS entry has
nothing to do with the security of the DNS (forward or reverse).
It had (past tense) to do with a strong correlation between compromised
machines spewing out spam and lack of reverse DNS entries.

If you actually read the RFCs they say "do NOT do this check".

If you are sane you only use it as one input into deciding if email
is spam. The lack of a PTR record, by itself, shouldn't be enough
to get a piece of email rejected though I do know lots of sites do
it.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
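The following is an added example, not part of the original message or of any ISC code: a sketch of treating the reverse-DNS result as one weighted input to a spam decision instead of a hard reject. The weights, the threshold, the function names and the sample DNS data (documentation address ranges) are all assumptions made for illustration, and the lookups are injected so the block runs offline.

```python
import ipaddress

# Constructed sample answers standing in for real PTR and A/AAAA lookups.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org."],
              "192.0.2.20": ["host.example.net."]}
SAMPLE_ADDR = {"mail.example.org.": ["192.0.2.10"],
               "host.example.net.": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addr(name):
    return SAMPLE_ADDR.get(name, [])

def rdns_status(ip, ptr_lookup, addr_lookup):
    """Return 'confirmed', 'mismatch' or 'no_ptr' for a client IP."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr"
    # Forward-confirm: some PTR name must resolve back to the client IP.
    for name in names:
        for addr in addr_lookup(name):
            if ipaddress.ip_address(addr) == client:
                return "confirmed"
    return "mismatch"

# Hypothetical weights: a missing PTR adds to the score but stays
# below the reject threshold when it is the only signal.
RDNS_WEIGHT = {"confirmed": 0.0, "mismatch": 1.5, "no_ptr": 2.0}
REJECT_AT = 5.0

def spam_score(ip, other_signals, ptr_lookup, addr_lookup):
    """Combine the rDNS weight with other (already scored) signals."""
    status = rdns_status(ip, ptr_lookup, addr_lookup)
    return status, RDNS_WEIGHT[status] + sum(other_signals.values())

def verdict(score):
    return "reject" if score >= REJECT_AT else "accept"

if __name__ == "__main__":
    for ip, signals in [("192.0.2.10", {}), ("192.0.2.30", {}),
                        ("192.0.2.30", {"blocklist_hit": 3.5})]:
        status, score = spam_score(ip, signals, sample_ptr, sample_addr)
        print(ip, status, score, verdict(score))
```

In a real mail filter the two lookup callables would wrap the resolver, and a lookup failure (timeout, SERVFAIL) should be kept distinct from an authoritative "no PTR" answer.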