On Wed, 30 Oct 2013, Andrew Sullivan wrote:
> On Wed, Oct 30, 2013 at 04:24:42PM +0000, Nick Hilliard wrote:
>> the only thing that's important is that forward and reverse DNS matches.
>
> As I think I've said before on this list, when we tried to get consensus on that claim in the DNSOP WG at the IETF, we couldn't. Indeed, we couldn't even get consensus on the much more bland statement, "Some people rely on the reverse, and you might want to take that into consideration when running your services."

The classic TCP wrapper had this as one of the security features: if reverse said something and this couldn't be verified by doing a forward lookup, the reverse was treated as invalid and not used for name-based policies.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
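
The check described in the message above, sketched as an added example (not code from the thread or from the TCP wrapper source): a PTR name is used for name-based policy only when a forward lookup of that name returns the connecting address. The function names, the injectable resolver arguments and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(addr):
    """PTR lookup via the system resolver; None when there is no answer."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def verified_hostname(addr, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if a forward lookup of it yields addr;
    otherwise None, i.e. the reverse record is treated as invalid."""
    client = ipaddress.ip_address(addr)
    name = reverse(addr)
    if not name:
        return None
    for candidate in forward(name):
        try:
            # Compare parsed addresses so differing IPv6 spellings still match.
            if ipaddress.ip_address(candidate.split("%")[0]) == client:
                return name.rstrip(".").lower()
        except ValueError:
            continue
    return None

def allowed(addr, suffixes, **resolvers):
    """Name-based policy: match only on a verified name, never on a raw PTR."""
    name = verified_hostname(addr, **resolvers)
    return name is not None and any(
        name == s or name.endswith("." + s) for s in suffixes)

# Constructed sample zone data (documentation address ranges, example names).
PTR = {"192.0.2.10": "mail.example.org", "203.0.113.7": "mail.example.org",
       "2001:db8::1": "v6.example.org."}
FWD = {"mail.example.org": ["192.0.2.10"], "v6.example.org.": ["2001:0db8::1"]}
fake = {"reverse": PTR.get, "forward": lambda n: FWD.get(n, [])}
```

In the sample data, 203.0.113.7 has a PTR claiming `mail.example.org`, but the forward lookup of that name does not return it, so `allowed("203.0.113.7", ["example.org"], **fake)` is false.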