[CLUE-Tech] reverse DNS

Nate Duehr nate at natetech.com
Sun Sep 12 16:16:58 MDT 2004


Charles Oriez wrote:

> since there is really no technical justification for not having valid 
> rdns on any valid server, requiring rdns to be valid on incoming servers 
> is a simple method to block the many trojaned machines

There is one.  Multiple domains hosted off the same server.  The RDNS 
can only match one of them.

Kinda a pain for the frugal folks trying to host multiple domains' 
webservers and e-mail servers off of the same physical box, but if one 
has an endless supply of IP addresses, you can usually work around it by 
putting multiple IPs on the same system.

Same/similar problem with SSL keys.  DNS name has to match the SSL 
certificate.

--
Nate Duehr, nate at natetech.com
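
The shared-IP case from the message above, as an added example that is not part of the original post: it runs two receiver-side rDNS policies over constructed DNS data for one box hosting two mail domains. All names, addresses and function names are assumptions (documentation ranges), and the lookups are in-memory tables so it runs offline.

```python
import ipaddress

# Constructed DNS data (assumption): one box at 192.0.2.10 hosts two domains.
PTR = {  # reverse zone: exactly one name per IP
    "192.0.2.10": "mail.example.com",
    "192.0.2.66": "host.example.net",   # PTR exists, but no matching A record
}
A = {    # forward zone
    "mail.example.com": ["192.0.2.10"],
    "mail.example.org": ["192.0.2.10"],  # second hosted domain, same IP
}

def fcrdns(ip):
    """Forward-confirmed rDNS: the PTR name must resolve back to the same IP."""
    ip = str(ipaddress.ip_address(ip))   # normalise; raises on malformed input
    name = PTR.get(ip)
    if name is None:
        return "no_ptr", None
    name = name.lower().rstrip(".")
    if ip not in A.get(name, []):
        return "unconfirmed", name
    return "confirmed", name

def ptr_matches_domain(ip, sender_domain):
    """Stricter policy: the confirmed PTR name must also sit under the sender's domain."""
    status, name = fcrdns(ip)
    if status != "confirmed":
        return False
    domain = sender_domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def evaluate(ip, sender_domain):
    """Return both policy results for one incoming connection."""
    status, name = fcrdns(ip)
    return {"ip": ip, "sender": sender_domain, "ptr": name,
            "fcrdns": status, "strict_match": ptr_matches_domain(ip, sender_domain)}

if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "example.com"), ("192.0.2.10", "example.org"),
                    ("192.0.2.66", "example.net"), ("198.51.100.7", "example.com")]:
        print(evaluate(ip, dom))
```
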


