At 12:53 PM -0500 2003/03/19, Kevin Darcy wrote:

 But I think we
 should stop recommending it for end nodes. End-node reverse DNS just
 nourishes the myth that you can reliably tell who/where/what
 something/someone is just by doing a reverse lookup on their source
 address, a myth from whence springs wrongheaded security
 methodologies, bogus "traffic-shaping" schemes and similar balderdash.

Just because something doesn't work all the time doesn't mean that it's not valuable. My car doesn't work 100% of the time. Does that mean that I should throw it away?


Sorry, this is an absolutely ridiculous argument.


There are spaces in which reverse DNS doesn't work as well as it could/should. These primarily have to do with IP addresses that are dynamically assigned. That issue can be resolved by having the process that assigns the dynamic address also update the reverse DNS. That could be further improved by having a secure mechanism for any node to update its own reverse DNS for itself.


Sure, it's not going to work 100% of the time. But it's a damn sight better than nothing, which is what you propose.

--
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
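One concrete form of the check the two posters are arguing about, added here as an example and not code from either of them: forward-confirmed reverse DNS treats a PTR record as a claim and only believes it when the name it returns resolves back to the same address, which is exactly the case that breaks when a dynamically assigned address carries a stale or unrelated PTR. The resolver table in `demo()` is constructed sample data, not real hosts; the `fcrdns` function takes the lookup callables as parameters so the system resolver can be used instead.

```python
import ipaddress
import socket

# Resolver hooks: PTR lookup (ip -> names) and forward lookup (name -> ips).
# The defaults use the system resolver; demo() swaps in an offline table.
def system_ptr(ip: str) -> list[str]:
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name: str) -> list[str]:
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def fcrdns(ip: str, ptr=system_ptr, forward=system_forward) -> tuple[str, list[str]]:
    """Forward-confirmed reverse DNS.

    Returns (verdict, confirmed_names) where verdict is
      'none'        - the address has no PTR record at all,
      'unconfirmed' - PTR names exist but none resolves back to ip,
      'confirmed'   - at least one PTR name resolves back to ip.
    Only 'confirmed' justifies trusting the name for anything.
    """
    ip = str(ipaddress.ip_address(ip))  # normalise; raises ValueError on garbage
    names = ptr(ip)
    if not names:
        return "none", []
    confirmed = [n for n in names if ip in forward(n)]
    return ("confirmed" if confirmed else "unconfirmed"), confirmed

# Constructed zone data (documentation prefix 192.0.2.0/24, not real hosts)
# covering the three outcomes: honest PTR, PTR claiming a name it does not
# own (e.g. a stale record on a reassigned dynamic address), and no PTR.
_PTR = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["mail.example.net"],
}
_FWD = {"mail.example.net": ["192.0.2.10"]}

def demo() -> dict[str, str]:
    """Run fcrdns() over the constructed table and return ip -> verdict."""
    fake_ptr = lambda ip: _PTR.get(ip, [])
    fake_fwd = lambda name: _FWD.get(name, [])
    return {ip: fcrdns(ip, fake_ptr, fake_fwd)[0]
            for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30")}
```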
