Educause Security Discussion mailing list archives
Re: Best practice for reverse DNS records
From: Richard H Gadsden <gadsden () MUSC EDU>
Date: Tue, 14 Jan 2014 10:18:01 -0500
On Mon, 13 Jan 2014, Lisciotti, Kevin wrote:
> Hi everyone, I was curious as to what others do in regards to creating external PTR records.
On our external DNS servers, every IP address in our Class B that is assigned to an Internet-facing host, such as an smtp or web server, gets the usual PTR record, which points to the host's public external name.
For every other IP address in our Class B, we publish a generic PTR record, for example y.x.23.128.in-addr.arpa -> 128-23-x-y.musc.edu.
This way, every host on our network has a valid, public PTR record on our external DNS servers, but we don't give anything away (that we don't have to) to anyone doing DNS recon from the outside.
--
Richard Gadsden
Information Security Office
Office of the CIO - Information Services
Medical University of South Carolina
19 Hagood Ave, Suite 201
Charleston SC, USA 29425-8150
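
The PTR scheme described in the message above, as an added example that is not part of the original post or the poster's configuration: it builds the PTR set for a reverse zone, using a public name only for listed Internet-facing hosts and the generic dashed name everywhere else, then audits a record set for targets that are neither. The 192.0.2.0/24 network, the example.edu domain, the host names and the function names are constructed for illustration.

```python
import ipaddress


def generic_name(ip, domain):
    """a.b.c.d -> a-b-c-d.<domain>. : the name reveals nothing but the address."""
    return "-".join(str(ip).split(".")) + "." + domain.rstrip(".") + "."


def build_ptr_records(network, domain, public_hosts):
    """Return (owner, target) PTR pairs for every address in an IPv4 network.

    public_hosts maps an address string to the public name of an
    Internet-facing host; every other address gets the generic name.
    """
    net = ipaddress.ip_network(network)
    public = {ipaddress.ip_address(a): n for a, n in public_hosts.items()}
    stray = [str(a) for a in public if a not in net]
    if stray:
        raise ValueError(f"public hosts outside {net}: {stray}")
    records = []
    for ip in net:  # every address, including network and broadcast
        target = public.get(ip) or generic_name(ip, domain)
        records.append((ip.reverse_pointer + ".", target))
    return records


def leaking_records(records, domain, public_hosts):
    """Flag PTR targets that are neither generic nor an approved public name."""
    approved = set(public_hosts.values())
    flagged = []
    for owner, target in records:
        labels = owner.rstrip(".").split(".")[:4]  # d, c, b, a
        ip = ipaddress.ip_address(".".join(reversed(labels)))
        if target != generic_name(ip, domain) and target not in approved:
            flagged.append((owner, target))
    return flagged


# Constructed sample data (documentation range and domain, not from the post).
PUBLIC = {"192.0.2.25": "smtp.example.edu.", "192.0.2.80": "www.example.edu."}
RECORDS = build_ptr_records("192.0.2.0/24", "example.edu", PUBLIC)

if __name__ == "__main__":
    for owner, target in RECORDS[24:27]:
        print(f"{owner} IN PTR {target}")
```

Running `leaking_records` over an export of the live external reverse zone shows any PTR that still publishes an internal host name.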