In message <capt1n1mm3jht1dwepugeht+fvoxddszzzufeghq67xjepza...@mail.gmail.com>, Ted Lemon <mel...@fugue.com> writes

> NEW:
> RFC 1912 recommended that "every internet-reachable host should
> have a name" and says "Failure to have matching PTR and A records
> can cause loss of Internet services similar to not being registered
> in the DNS at all." Although the second of these two
> recommendations is no longer considered to be a "best practice,"
> some network services still do perform a PTR lookup on the source
> address of incoming connections and verify that the PTR and A
> records match before providing service.

"some network services still do" is rather vague (and thus unnecessarily encourages those of a conservative viewpoint to continue a practice that I still think is beyond its sell-by date).

... is it not possible to indicate that the only services ever believed to have acted upon this type of check are email and (in the last century) FTP ? Or is that an incorrect statement ?

It is, I suppose, relatively common for logging systems to do a reverse lookup with a view to improving log readability. However, logging systems don't generally attempt to check that forward and reverse match, and so there is significant risk of being misled by the wicked. Asking the bad guy to tell you their name and not checking their answer is never the most solid of approaches.

--
richard Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
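The forward-and-reverse match that the message above says logging systems usually skip, as an added example that is not part of the original e-mail: a log annotator that prints a PTR name only when that name resolves back to the same address. The function names and the sample records are constructed for illustration; the default resolvers use the standard `socket` module.

```python
import ipaddress
import socket

# Constructed sample records (documentation address ranges, example names).
# Whoever runs the reverse zone for 203.0.113.5 has pointed its PTR at a
# name they do not control; that name's A record points elsewhere.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net."],
              "203.0.113.5": ["www.bank.example."]}
SAMPLE_A = {"mail.example.net": ["192.0.2.10"],
            "www.bank.example": ["198.51.100.7"]}

def sample_ptr_names(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addresses(name):
    return SAMPLE_A.get(name.rstrip(".").lower(), [])

def system_ptr_names(ip):
    """PTR names for ip from the system resolver; empty list on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addresses(name):
    """Addresses for name from the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):  # PTR content is untrusted; it may not be a valid name
        return []

def confirmed_name(ip, ptr_names=system_ptr_names, addresses=system_addresses):
    """Return a PTR name for ip only if it resolves forward to ip, else None."""
    want = ipaddress.ip_address(ip)
    for name in ptr_names(ip):
        for addr in addresses(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    return name.rstrip(".").lower()
            except ValueError:  # address text the parser rejects
                continue
    return None

def log_label(ip, ptr_names=system_ptr_names, addresses=system_addresses):
    """Always log the address; add a name only when forward and reverse match."""
    name = confirmed_name(ip, ptr_names, addresses)
    return f"{ip} ({name})" if name else f"{ip} (PTR unconfirmed)"
```

Called with the sample resolvers, `log_label("203.0.113.5", sample_ptr_names, sample_addresses)` keeps the address and omits the unconfirmed name; called with one argument it uses the system resolver.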