[CLUE-Tech] reverse DNS
Angelo Bertolli
angelo at freeshell.org
Fri Sep 10 15:51:23 MDT 2004
Charles Oriez wrote:
> At 12:38 PM 9/10/2004, Angelo Bertolli wrote:
>
>> Even if there is no RDNS, can't you still block based on IP address?
>> I mean is it now a requirement to have RDNS set up?
>
>
> recommended procedure is to do both. First step is to refuse
> connections for invalid RDNS. Second step is to check access.db for
> local lists of black- or white-listed addresses (for instance, I don't
> bother checking the blacklists for comcast's SMTP servers, yahoo, aol,
> etc since virtually no spam comes that way), then check the dnsbls for
> listed IPA's.
>
> since there is really no technical justification for not having valid
> rdns on any valid server, requiring rdns to be valid on incoming
> servers is a simple method to block the many trojaned machines
>
What is considered "valid"? Just a response? Or does it need to match
the DNS entry for that domain name?
Angelo
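
The order of checks described in the quoted message, with the two readings of "valid" raised in the question exposed as a switch. This is an added example, not part of the original post and not any mail server's own code; all addresses, host names and list contents are constructed, and the function and parameter names are hypothetical.

```python
# Constructed sample data standing in for DNS, access.db and a DNSBL.
PTR = {  # reverse zone: IP -> host name
    "192.0.2.10": "mail.example.org",
    "192.0.2.20": "host.example.net",
    "198.51.100.9": "mx.example.com",
}
A = {  # forward zone: host name -> IPs
    "mail.example.org": ["192.0.2.10"],
    "host.example.net": ["198.51.100.7"],  # does not point back to 192.0.2.20
    "mx.example.com": ["198.51.100.9"],
}
ACCESS = {"192.0.2.10": "OK", "203.0.113.5": "REJECT"}  # local lists
DNSBL = {"192.0.2.20"}  # addresses a DNS blacklist reports as listed


def rdns_status(ip, ptr=PTR, a=A):
    """Return 'none' (no PTR), 'unconfirmed' (PTR only) or 'confirmed'
    (the PTR name resolves back to the connecting address)."""
    name = ptr.get(ip)
    if name is None:
        return "none"
    return "confirmed" if ip in a.get(name, []) else "unconfirmed"


def decide(ip, strict=True, ptr=PTR, a=A, access=ACCESS, dnsbl=DNSBL):
    """Apply the three steps in the order given in the quoted message."""
    status = rdns_status(ip, ptr, a)
    # Step 1: refuse invalid rDNS. strict=True reads "valid" as
    # "matches the forward entry"; strict=False as "any response".
    if status == "none" or (strict and status == "unconfirmed"):
        return "reject: rdns " + status
    # Step 2: local lists; a whitelisted sender never reaches the DNSBL.
    local = access.get(ip)
    if local == "OK":
        return "accept: local whitelist"
    if local == "REJECT":
        return "reject: local blacklist"
    # Step 3: DNS blacklist lookup for everything not decided locally.
    if ip in dnsbl:
        return "reject: dnsbl"
    return "accept"


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "198.51.100.9", "203.0.113.5"):
        print(addr, decide(addr), "|", decide(addr, strict=False))
```
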