At 12:22 AM 1/4/02, Chuck Yerkes wrote: >Good! This is a basic Best Practice. If you have an IP >address, you MUST have a reverse entry for that. I get really >tired of working around bad administration. >You must be THIS ------> >tall to play on the Internet. If they can't follow the few >rules, then they should get a nice Compuserve account. > >The RFC standards are not just there to be boring reading.
There's been a fair bit of discussion of just what is Best Practice in this area. Give draft-ietf-dnsop-inaddr-required-02.txt a read, and provide some feedback. Despite the name of the draft, at this point the document basically strongly encourages accurate and complete configuration of INADDR, but also strongly discourages the use of DNS lookups, including INADDR, as any sort of "security" mechanism. >Quoting Alan Brown ([EMAIL PROTECTED]): > > On Wed, 2 Jan 2002, Gregory Hicks wrote: > > > > > > Think "travelling user." You'll never have control over everything. > > > > > > Daniel: > > > > > > Even a traveling user *should* reverse lookup - even if they come from > > > some unrelated ISP. Or am I not understanding the"Travelling user" > > > issue? > > > > I can show you entire countries where the number of correctly resolvig > > IPs is vastly outnumberd by borked or completely non-existant rDNS > > entries. > > > > I'm sitting in one now in southeast asia. It causes merry hell trying to > > make connections to my accounts all round the world via ssh as most > > admins have things set in DNS paranoia mode for interactive sessions. ----------------------------------------------------------------- Daniel Senie [EMAIL PROTECTED] Amaranth Networks Inc. http://www.amaranth.com
