Reverse Dns Question...is it really necessary or not?

Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Sun Jul 18 16:45:04 UTC 2004


KD> some misguided mail servers/admins use reverse lookups as a
KD> kind of litmus test for spam (as if spammers couldn't come
KD> up with their own reverse records, duh).
 
CM> Right, but spambots don't.

Rubbish.  Hijacked third-party machines also often have address->name
mappings, and for pretty much the same reason: The people whose machines have
been hijacked also have to deal with the numbskulls who employ these daft
"security" mechanisms on their various TCP services.

The end result of this silly game is that every TCP client in the world
connects from an IP address which has an address->name mapping (plus whatever
other mappings these misguided administrators come up with) listed in the
public DNS database, and the world is effectively back to where it started
(with the exception that the process of allocating an IP address has all this
extra baggage attached to it that *everyone* has to carry).

JdeBP> ... which, of course, they do.  And as a consequence these
JdeBP> misguided administrators come up with ever more convoluted,
JdeBP> arbitrary, and fallacious DNS-based tests to apply, and 
JdeBP> cause more and more false positives as a consequence.
 
CM> This is becoming more prevalent. Not less so. 

Where did anybody say that this foolishness was becoming less prevalent, or
even comment upon its prevalence at all ?  To whom are you actually
responding ?

CM> It's a fact, like it or not.
CM> [...]
CM> 's all I got to say.

And it wasn't particularly worthwhile for you to say it.  The fact that one
has to deal with foolishness doesn't prevent one from attempting to rectify
that foolishness, by pointing out that it *is* foolishness and why.  Saying
nothing more than "You have to deal with foolishness, even if you don't like
it." to those who do so, contributes exactly nothing.

CM> I want to run an open relay, [...]
CM> I want to run an open innd server, [...]

Your analogies, between not having published address->name mappings for the IP
addresses of service clients and running promiscuous proxy servers of various
kinds, are false ones.

