Paul Schmehl wrote:
Is there an RFC *requirement* for reverse dns?
RFC 1035 doesn't state that IN-ADDR.ARPA lookups are optional. <snip>
3.5. IN-ADDR.ARPA domain
The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network in the Internet.
</snip>
I've been looking through the RFCs and I can't find it. Some folks think reverse dns should be completely disabled. I know for sure that this will break email, because many mail servers won't talk to a server that doesn't reverse. Tcpdump also doesn't like hosts that won't reverse.
What I'm looking for is a standard (RFC) that states that enabling reverse lookups is *required* or reverse lookups are *optional*. If they're optional, then reverse could be disabled for most hosts.
I'm also looking for a list of things that *break* when you disable reverse (e.g. mail).
I would say that reverse dns lookup is at most as "harmful" as normal lookup. It makes a lot of tools more user-friendly.
Even trace route uses this technique to display the names of the internet gateways.
RULES FOR RESPONDING:
1) "Reverse is a good thing" is not an answer. Neither is "Reverse is a bad thing".
2) Opinions are not useful - stick to facts only - chapter and verse please.
3) All replies to the list please - others will find this useful as well.
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
-- Ignorance more frequently begets confidence than does knowledge. --- Charles Darwin
-- This message was scanned for spam and viruses by BitDefender. For more information please visit http://linux.bitdefender.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
