Nothing would break with the removal of reverse DNS, as no one is relying
on it for anything. (Anyone who is relying on it shouldn't be.)

--Dean

On Fri, 21 Mar 2003, Brad Knowles wrote:
> At 6:18 PM -0500 2003/03/20, Kevin Darcy wrote:
>
> >> You claim that reverse DNS causes harm. Can you provide evidence
> >> for this claim?
> >
> > The (un-Kerberized) versions of the "r-series" commands harm security
> > infrastructure, and reverse DNS enables them to function.
>
> So, we should break reverse DNS just so that r-commands don't
> work? Excuse me?!? Do you recommend killing the patient just so
> that you don't have to deal with their hangnail problem?!?
>
> I'm sorry, just because some morons choose to leave themselves
> open to the r-command problem is not sufficient justification for no
> longer doing reverse DNS. Fix that problem where it exists, namely
> within the set of commands that are enabled by default from the
> vendors, or by updating the "best security practices" documentation
> to suit.
>
> > Simplistic spam-catching techniques based exclusively on reverse lookups harm
> > intended mail recipients with their frequent false positives.
>
> See above. This would be like throwing out the whole planet with
> the bath water, not just the baby.
>
> --
> Brad Knowles, <[EMAIL PROTECTED]>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -Benjamin Franklin, Historical Review of Pennsylvania.
>
> GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
> !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
> tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
>