I'd prefer not to give details. I'll give you this much. We're having a philosophical disagreement about the value of disallowing reverse dns for hosts on our network. It's the ancient security by obscurity discussion.
Strictly speaking, this may or may not help you. It would help if you would describe the scenario/situation you are in. I could comment further, but without a bit more specific information, I dont feel I can comment properly.
My concern is that we should not disable dns when (or if) it's required. Obviously we would not disable it for the MX hosts, but I'm unclear what (if anything) the RFC requirements are. Absent any requirements, there's not cogent argument for *not* doing it, with the aforementioned exceptions.
Hopefully that clarifies it a bit.
Some questions that come to mind - what, if anything, is the consequence of disabling reverse lookups for your NS servers? For web servers? For other services? For workstations? Etc., etc.
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
