[ipv6-ops] Re: mail filtering based on reverse DNS

Jeroen Massar jeroen at unfix.org
Thu Aug 11 18:34:49 CEST 2011


On 2011-08-11 17:59 , Aaron Hughes wrote:
[..]

> on the bottom of each zone file. This of course requires a match of a
> zero. I thought about what this might look like in some more expanded
> form and gave up, but if others have ideas about how to accomplish
> this I would be all ears.

Just use a:

* DNAME your.pointer.bla.

But what you need to understand is that it is totally futile to do this as
any tool that even bothers looking at the reverse should be checking if
IP => reverse => forward => IP matches and otherwise toss it. As you
can't do the latter that check will fail and thus that reverse should
not be used by any tool giving any weight to reverses (next to of course
always logging both the IP + name, as they are just extra details and
are volatile anyway, next to generally not being DNSSEC signed and thus
generally also spoofable on many levels).

Reminds me of http://www.freebsd.org/cgi/query-pr.cgi?pr=22595

And the only reason why I think reverse is useful is because we are
still not computers and humans like names while computers love numbers,
but they should always come together, never apart.

Greets,
 Jeroen
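
Added example, not part of the original message: a forward-confirmed reverse DNS check (IP => reverse => forward => IP) of the kind described above, showing why a wildcard reverse answer such as your.pointer.bla. is given no weight. The function names, the injectable lookup callbacks and the 2001:db8:: sample records are assumptions made for this illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR names whose forward records contain ip again."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(str(want)):
        for addr in forward_lookup(name):
            try:
                match = ipaddress.ip_address(addr.split("%")[0]) == want
            except ValueError:
                continue  # resolver returned something that is not an address
            if match:
                confirmed.append(name.rstrip(".").lower())
                break
    return confirmed

# Constructed sample data (2001:db8::/32 documentation prefix), not real zones.
PTR = {
    "2001:db8::25": ["mail.example.net."],
    "2001:db8::1234": ["your.pointer.bla."],  # answer synthesized by a wildcard reverse
}
FWD = {"mail.example.net.": ["2001:db8::25"]}  # wildcard target has no AAAA back

def log_record(ip, ptr_lookup, forward_lookup):
    """Always keep the IP; the raw PTR is logged, only confirmed names get weight."""
    return {"ip": ip, "ptr_unverified": ptr_lookup(ip),
            "ptr_confirmed": fcrdns(ip, ptr_lookup, forward_lookup)}

if __name__ == "__main__":
    for ip in PTR:
        print(log_record(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, [])))
```

Called with the default arguments, fcrdns() queries the system resolver instead of the constructed tables.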



