15 May 2001, 2:18 a.m.
On Mon, May 14, 2001 at 05:27:09PM -0400, Christopher A. Woodfield wrote:
I didn't intend to imply that matching forward/reverse DNS was a security measure I'd trust by itself, but it certainly doesn't hurt to implement as an "outer perimeter" measure in conjunction with IP-based rules and secure authentication...
It does hurt. It causes non-obvious problems. Forcing hostnames and PTRs to match (commonly referred to as PARANOID checking) does not provide extra security; it just prevents people with badly configured DNS from accessing your servers.

--Adam
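An added illustration of the forward/reverse matching check discussed in this thread (not code from either poster or from any tool they mention): it shows which clients such a check turns away and why. The function names and the DNS tables are constructed for the example, and the addresses come from the documentation ranges.

```python
import socket

def system_ptr(ip):
    """Reverse lookup via the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup via the system resolver; empty set if the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def paranoid_check(ip, ptr=system_ptr, forward=system_forward):
    """Return (allowed, reason) for a forward/reverse DNS match test on `ip`."""
    name = ptr(ip)
    if name is None:
        return False, "no PTR record"
    addrs = forward(name)
    if not addrs:
        return False, "PTR name %s does not resolve" % name
    if ip not in addrs:
        return False, "PTR name %s resolves to other addresses" % name
    return True, "forward and reverse match (%s)" % name

# Constructed DNS data standing in for a resolver (hypothetical hosts).
PTR = {"192.0.2.10": "mail.example.org",
       "192.0.2.20": "old-name.example.net",
       "198.51.100.7": "host7.example.com"}
A = {"mail.example.org": {"192.0.2.10"},
     "old-name.example.net": {"192.0.2.99"}}  # stale A record after renumbering
# host7.example.com has a PTR but no A record; 203.0.113.5 has no PTR at all.

def evaluate(clients):
    """Run the check for each client against the constructed tables above."""
    return {ip: paranoid_check(ip, PTR.get, lambda n: A.get(n, set()))
            for ip in clients}

if __name__ == "__main__":
    sample = ["192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"]
    for ip, (ok, why) in evaluate(sample).items():
        print(ip, "ALLOW" if ok else "DENY", "-", why)
```

Three of the four constructed clients are denied purely because of the state of their DNS records, and the decision says nothing about who is connecting.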