Re: [Full-disclosure] Reverse dns
From: Paul Schmehl (pauls_at_utdallas.edu)
Date: Thu, 10 Mar 2005 11:30:51 -0600 To: firstname.lastname@example.org
--On Thursday, March 10, 2005 10:39:38 AM -0600 Duo
> Strictly speaking, this may or may not help you. It would help if you
> would describe the scenario/situation you are in. I could comment
> further, but without a bit more specific information, I dont feel I can
> comment properly.
I'd prefer not to give details. I'll give you this much. We're having a
philosophical disagreement about the value of disallowing reverse dns for
hosts on our network. It's the ancient security by obscurity discussion.
My concern is that we should not disable dns when (or if) it's required.
Obviously we would not disable it for the MX hosts, but I'm unclear what
(if anything) the RFC requirements are. Absent any requirements, there's
not cogent argument for *not* doing it, with the aforementioned exceptions.
Hopefully that clarifies it a bit.
Some questions that come to mind - what, if anything, is the consequence of
disabling reverse lookups for your NS servers? For web servers? For other
services? For workstations? Etc., etc.
Paul Schmehl (email@example.com)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://www.secunia.com/