On Tue, 14 Oct 2003, wayne wrote:

> Also, domain owners might want to be able to authorize who can use
> their domain in an rDNS pointer. Right now, a bad guy who controls
> their IP address can make it look like they are coming from a
> completely unrelated domain.

If everyone implemented double-lookup checks (verify a reverse by checking
the forward and seeing if they matched) it would solve this problem (at
the price of 2x as many lookups for any RDNS checks, of course) - the
domain owner is presumed to be the only one with control of the forward
lookups in their domain, hence a bad guy can't hurt them with a bum,
non-matching, reverse record.

But of course, everyone doesn't do that.

--
Tim Wilde
twilde(_at_)dyndns(_dot_)org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
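
The double-lookup check described in the reply above (commonly called forward-confirmed reverse DNS), as an added example that is not part of the original message. The function names, the injectable lookup parameters, and the addresses and host names in the sample tables are all constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (the reverse lookup)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses for name from the system resolver (the forward lookup)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR names of ip whose forward records include ip."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        for candidate in forward_lookup(name):
            try:
                match = ipaddress.ip_address(candidate) == addr
            except ValueError:  # skip anything that is not a plain IP literal
                continue
            if match:
                confirmed.append(name.rstrip(".").lower())
                break
    return confirmed

# Constructed sample data: documentation address ranges, made-up host names.
PTR = {
    "192.0.2.10": ["mail.example.org."],     # PTR set by the domain owner
    "198.51.100.66": ["mail.example.org."],  # PTR set by an unrelated IP holder
    "2001:db8::25": ["MX.example.org."],
}
FORWARD = {
    "mail.example.org.": ["192.0.2.10"],
    "MX.example.org.": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def demo_ptr(ip):
    return PTR.get(ip, [])

def demo_forward(name):
    return FORWARD.get(name, [])
```

An empty result means the reverse name is unconfirmed and should not be trusted as the sender's domain; calling `fcrdns(ip)` without the demo lookups uses the system resolver and costs the two lookups per check mentioned in the reply.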
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/