At 7:26 PM +0100 6/23/06, Tony Finch imposed structure on a stream
of electrons, yielding:
David Wilson <David(_dot_)Wilson(_at_)isode(_dot_)com> wrote:
Some years ago a colleague told me that some resolvers, when doing rDNS
lookup will then perform a forward lookup of the hostname, to check that
the A records for the name contain the IP address with which you
started.
I believe this is usually done in the applications rather than in the
resolver itself.
If not true, perhaps it is something which SMTP servers should do
themselves, before using the rDNS name for authorization.
What do you mean "perhaps"? Decent MTAs (e.g. Exim) have been doing this
for many years.
And see http://www.sendmail.org/faq/section3.html#3.38
Note that the date is the date that entry made it into the FAQ, not
the implementation date. Sendmail has been noting such errors in
Received headers since 8.8.6, almost exactly 10 years.
Basically, this is a non-issue. Reverse DNS has never really been
trustworthy, and trusting an unverified rDNS result by itself for
authentication is an unlikely error for any serious piece of modern
software.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
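
The check discussed in this thread (reverse lookup, then a forward lookup of the returned name, accepting the name only if its addresses include the original IP), as an added example that is not part of the original messages or of any MTA's code. The function names are hypothetical, the resolver functions are injectable, and the zone data is constructed from documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def confirmed_names(ip, ptr=system_ptr, addrs=system_addrs):
    """Return the PTR names for `ip` whose forward lookup contains `ip`.

    A PTR record is published by whoever controls the reverse zone for the
    address, so the name it returns is only a claim until the forward zone
    of that name agrees.
    """
    client = ipaddress.ip_address(ip)
    good = []
    for name in ptr(ip):
        name = name.rstrip(".").lower()
        for addr in addrs(name):
            try:
                match = ipaddress.ip_address(addr) == client
            except ValueError:  # e.g. scoped IPv6 literal from getaddrinfo
                continue
            if match and name not in good:
                good.append(name)
    return good

# Constructed zone data: 198.51.100.7 has a PTR that claims a name whose
# forward records do not list it; 203.0.113.5 has no PTR at all.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org."],
              "198.51.100.7": ["mail.example.org."]}
SAMPLE_FWD = {"mail.example.org": ["192.0.2.10", "2001:db8::10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_FWD.get(name, [])
```

Only a name returned by `confirmed_names` should be compared against a host-based allow list; an empty result means the client has no verified name.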