[CLUE-Tech] reverse DNS
Charles Oriez
coriez at oriez.org
Fri Sep 10 18:16:23 MDT 2004
At 03:51 PM 9/10/2004, Angelo Bertolli wrote:
>Charles Oriez wrote:
>
>>At 12:38 PM 9/10/2004, Angelo Bertolli wrote:
>>
>>>Even if there is no RDNS, can't you still block based on IP address?
>>>I mean is it now a requirement to have RDNS set up?
>>
>>
>>recommended procedure is to do both. First step is to refuse connections
>>for invalid RDNS. Second step is to check access.db for local lists of
>>black- or white-listed addresses (for instance, I don't bother checking
>>the blacklists for comcast's SMTP servers, yahoo, aol, etc since
>>virtually no spam comes that way), then check the dnsbls for listed IPA's.
>>
>>since there is really no technical justification for not having valid
>>rdns on any valid server, requiring rdns to be valid on incoming servers
>>is a simple method to block the many trojaned machines
>What is considered "valid" ? Just a response? Or does it need to match
>the DNS entry for that domain name?
>
http://www.dnspark.com/support/faqs.php?expand=1&section=3&faq=24
--
Charles Oriez coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
**
"Drag God into politics, and you'll ruin his reputation in no time." -
Molly Ivins
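
The check order described in the quoted reply (rDNS first, then the local access list, then DNSBLs), as an added example that is not part of the original message. It assumes "valid" means forward-confirmed reverse DNS (a PTR name exists and resolves back to the connecting IPv4 address), which the thread itself does not define; all names, addresses, the dnsbl.example zone and the dict standing in for access.db are constructed.

```python
import socket

# Constructed sample data: documentation IP ranges and made-up names.
PTR = {"192.0.2.10": ["mail.example.org"], "198.51.100.7": ["mx.example.net"],
       "203.0.113.5": ["host5.example.com"], "203.0.113.9": ["fake.example.org"],
       "192.0.2.66": ["bad.example.org"]}
A = {"mail.example.org": ["192.0.2.10"], "mx.example.net": ["198.51.100.7"],
     "host5.example.com": ["203.0.113.5"], "bad.example.org": ["192.0.2.66"],
     "fake.example.org": ["192.0.2.99"],           # forward lookup points elsewhere
     "5.113.0.203.dnsbl.example": ["127.0.0.2"],   # listed on the sample DNSBL
     "7.100.51.198.dnsbl.example": ["127.0.0.2"]}  # listed, but whitelisted locally
ACCESS = {"198.51.100.7": "OK", "192.0.2.66": "REJECT"}  # stand-in for access.db

# System-resolver lookups for real use; both return [] when nothing is found.
def live_ptr(ip):
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def live_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_name(ip, zone):
    """DNSBLs are queried as <reversed IPv4 octets>.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def rdns_valid(ip, ptr, a):
    """Assumed meaning of 'valid': a PTR name exists and resolves back to ip."""
    return any(ip in (a(name) or []) for name in (ptr(ip) or []))

def decide(ip, ptr, a, access, zones):
    if not rdns_valid(ip, ptr, a):                  # step 1: refuse invalid rDNS
        return "REJECT rdns"
    verdict = access.get(ip)                        # step 2: local list
    if verdict in ("OK", "REJECT"):                 # OK skips the DNSBLs entirely
        return ("ACCEPT" if verdict == "OK" else "REJECT") + " local"
    for zone in zones:                              # step 3: DNSBL lookups
        if a(dnsbl_name(ip, zone)):                 # any A record means "listed"
            return "REJECT dnsbl " + zone
    return "ACCEPT"

if __name__ == "__main__":
    for ip in list(PTR) + ["203.0.113.200"]:
        print(ip, decide(ip, PTR.get, A.get, ACCESS, ["dnsbl.example"]))
```

For real lookups, pass `live_ptr` and `live_a` in place of `PTR.get` and `A.get`.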