[CLUE-Tech] reverse DNS
Charles Oriez
coriez at oriez.org
Fri Sep 10 14:37:41 MDT 2004
At 12:38 PM 9/10/2004, Angelo Bertolli wrote:
>Even if there is no RDNS, can't you still block based on IP address? I
>mean is it now a requirement to have RDNS set up?
Recommended procedure is to do both. First step is to refuse connections
for invalid RDNS. Second step is to check access.db for local lists of
black- or white-listed addresses (for instance, I don't bother checking the
blacklists for Comcast's SMTP servers, Yahoo, AOL, etc. since virtually no
spam comes that way), then check the dnsbls for listed IPA's.
Since there is really no technical justification for not having valid rdns
on any valid server, requiring rdns to be valid on incoming servers is a
simple method to block the many trojaned machines.
--
Charles Oriez coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
**
"Drag God into politics, and you'll ruin his reputation in no time." -
Molly Ivins
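
The three-step order described in the message above (rDNS check, local access list, DNSBL lookup), as an added example that is not part of the original post and is not sendmail's own code. It assumes "valid" rDNS means the PTR name resolves back to the connecting address; the addresses, hostnames, table contents and the dnsbl.example zone are constructed, and the lookup functions are stand-ins for real DNS and access.db queries.

```python
import ipaddress

# Constructed sample data: documentation address ranges, made-up hostnames.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "mx.bigisp.example",
       "198.51.100.7": "host7.example.net", "203.0.113.5": "mail.example.com"}
A = {"mail.example.org": ["192.0.2.10"], "mx.bigisp.example": ["192.0.2.20"],
     "host7.example.net": ["198.51.100.99"],   # forward lookup does not match
     "mail.example.com": ["203.0.113.5"]}
ACCESS = {"192.0.2.20": "OK"}                  # stand-in for local access.db entries
DNSBL_ZONE = "dnsbl.example"                   # hypothetical DNSBL zone
LISTED = {"5.113.0.203.dnsbl.example", "20.2.0.192.dnsbl.example"}


def rdns_valid(ip, ptr_lookup, a_lookup):
    """Assumed meaning of 'valid': a PTR exists and its name maps back to ip."""
    name = ptr_lookup(ip)
    return name is not None and ip in a_lookup(name)


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_client(ip, ptr_lookup, a_lookup, access, is_listed):
    # Step 1: refuse connections whose reverse DNS is missing or inconsistent.
    if not rdns_valid(ip, ptr_lookup, a_lookup):
        return ("REJECT", "invalid rDNS")
    # Step 2: local list; a whitelisted address skips the DNSBL query.
    verdict = access.get(ip)
    if verdict == "OK":
        return ("ACCEPT", "local whitelist")
    if verdict == "REJECT":
        return ("REJECT", "local blacklist")
    # Step 3: DNSBL lookup for everything not decided locally.
    if is_listed(dnsbl_name(ip, DNSBL_ZONE)):
        return ("REJECT", "DNSBL listed")
    return ("ACCEPT", "not listed")


def decide(ip):
    """Run the three steps against the constructed tables above."""
    return check_client(ip, PTR.get, lambda n: A.get(n, []), ACCESS,
                        lambda q: q in LISTED)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5", "192.0.2.40"):
        print(ip, *decide(ip))
```

192.0.2.20 is on the constructed DNSBL but is accepted because the local whitelist is consulted first, while 192.0.2.40 has no PTR record at all and never reaches the later steps.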