TF> You make it sound as if checking the consistency of forward and reverse
TF> DNS is something new or mysterious.
I'm going to have to agree with Tony here. I believe that an IP should
have a PTR, and that PTR should lead to an A record containing that
original IP. That, often referred to as FCrDNS (forward confirmed reverse
DNS) to me, constitutes "authorized to use the name".
--Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
Tony,
1. "Consistency" is not the same as "authorization".
Again I am completely failing to understand how an A record (which maps a
name onto an IP) means anything other than "this IP is authorized to use
the name".
Can you give an example of where a domain owner would have an A record such
as: mail1.example.com IN A 10.1.2.3
and that any reasonable person would conclude that 10.1.2.3 is *not*
authorized to use the name?
2. I was attempting to highlight an issue about the trust assumptions
that people might make but shouldn't.
Was that the assumption I alluded to above, which is that FCrDNS
constitutes authorization by a domain to use a name?
3. If there are standards for asserting and validating these
relationships, please point us to them.
My understanding is that FCrDNS is pretty widely used in the anti-spam
community, as well as other applications.
4. Being able to use well-established and valid techniques as the basis
for a standard is always a good thing, indeed.
Would you count PTR records as a standard? How about A records? :)
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
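
The FCrDNS check discussed in this thread (IP to PTR name, then name back to an address record containing the same IP), as an added example that is not part of the original message. The lookup tables are constructed sample data standing in for a resolver, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample DNS data (documentation ranges), standing in for a resolver.
PTR = {
    "192.0.2.10": ["mail1.example.com."],
    "192.0.2.20": ["mail.example.net."],          # PTR exists, forward disagrees
    "192.0.2.30": ["a.example.org.", "mx.example.org."],
    "2001:db8::25": ["MX6.example.com"],
}
FORWARD = {
    "mail1.example.com": ["192.0.2.10"],
    "mail.example.net": ["198.51.100.7"],         # does not point back
    "mx.example.org": ["192.0.2.30", "192.0.2.31"],
    "mx6.example.com": ["2001:0db8:0:0:0:0:0:25"],
}

def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def lookup_ptr(ip):
    """Reverse lookup: names the PTR records give for this address."""
    return PTR.get(str(ip), [])

def lookup_addr(name):
    """Forward lookup: A/AAAA addresses published for this name."""
    return FORWARD.get(_norm(name), [])

def fcrdns(ip_text, ptr=lookup_ptr, addr=lookup_addr):
    """Return the sorted PTR names whose forward records contain ip_text."""
    ip = ipaddress.ip_address(ip_text)
    confirmed = set()
    for name in ptr(ip):
        for candidate in addr(name):
            try:
                # Compare parsed addresses so IPv6 spellings do not matter.
                if ipaddress.ip_address(candidate) == ip:
                    confirmed.add(_norm(name))
            except ValueError:
                continue  # malformed address data is ignored
    return sorted(confirmed)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30",
               "2001:db8::25", "192.0.2.99"):
        print(ip, fcrdns(ip) or "unconfirmed")
```

Only names that pass both directions are returned, so a PTR published by the address holder alone (192.0.2.20 here) confirms nothing about the name it points to.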