nanog mailing list archives
Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Valdis.Kletnieks () vt edu
Date: Tue, 15 May 2001 10:18:55 -0400
On Mon, 14 May 2001 23:18:09 PDT, Adam McKenna <adam () flounder net> said:
It does hurt. It causes non-obvious problems. Forcing hostnames and PTR's to match (commonly referred to as PARANOID checking) does not provide extra security, it just prevents people with badly configured DNS from accessing your servers.
I once did a similar check in a Sendmail configuration, and found it to be incredibly useful in reducing the spam load without significantly impacting actual traffic. There's a second-order effect here - the sort of clueless ISP that is unable to get a PTR entry correct is *ALSO* the sort of clueless ISP that is very likely unable to detect/eliminate hacker/spammer/etc nests in their address space. You of course need to be sure that your *own* DNS is rock-solid and up to date (although our departmental network liaisons that maintain their zones have learned that Things Will Not Work if they don't do it right ;). You also need to apply the usual skepticism for results - there *could* be a temporary outage, for instance. It's *NOT* a security measure to deploy by itself. It's however useful as Yet Another Part of a Complete and Balanced Security Breakfast... ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Re: Swipping /29's /30's and singles.., (continued)
- Re: Swipping /29's /30's and singles.. mike harrison (May 15)
- Re: Swipping /29's /30's and singles.. Hunter Pine (May 15)
- DSL providers and reverse DNS [was Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS] Ulf Zimmermann (May 17)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Roeland Meyer (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 14)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS John Fraizer (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Valdis . Kletnieks (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Pyda Srisuresh (May 15)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Vivien M. (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Shawn McMahon (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Brett Frankenberger (May 17)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Shawn McMahon (May 17)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS David Charlap (May 17)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Pyda Srisuresh (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Eric A. Hall (May 15)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS John Fraizer (May 14)