Re: Reverse DNS Lookup
From: Barry Margolin (barmar@genuity.net)
Date: 11/14/02
From: Barry Margolin <barmar@genuity.net> Date: Thu, 14 Nov 2002 19:30:07 GMT
In article <kGSA9.1204$025.556899463@newssvr12.news.prodigy.com>,
Alun Jones <alun@texis.com> wrote:
>In article <4JPA9.7$Xq1.1055@paloalto-snr1.gtei.net>, Barry Margolin
><barmar@genuity.net> wrote:
>>In article <20021113223020.15487.00000568@mb-cr.aol.com>,
>>Determine99 <determine99@aol.com> wrote:
>>>How does reverse DNS lookup help SMTP in performing authentication? Any
>>>explanation would be greatly appreciated.
>>
>>It's not useful directly in authentication, but it makes troubleshooting
>>easier. The server can put the hostname of the client in the "Received"
>>header. This saves you the trouble of performing the lookup when you're
>>trying to trace back the origination of a message.
>
>It's also fairly common in servers to map from the source IP address to a
>name, and from that name forward to an IP address, to see if they match. In
>that way, you're likely to _really_ be talking to the host whose name is that
>claimed by reverse DNS.
>
>Let's say, for instance, that I am authoritative for the 168.192.in-addr.arpa
>name space - I could very easily claim that 192.168.1.1 is
>billg.microsoft.com. A lookup to a name server that is authoritative for
>microsoft.com would, however, dispel that myth quite quickly.

Right. When sendmail notices that inconsistency, it puts a comment like
"(may be forged)" after the hostname in the Received line.

Another way in which reverse DNS is often used, and perhaps this is what
the OP was looking for, is in access lists on mail relays. Consumer ISPs
usually allow access to their SMTP relay by checking for IP addresses in
their range, but this is not as feasible for enterprise ISPs like us. Many
of our customers have their own address ranges, or they are multi-homed and
have addresses assigned by their other ISP, so it's difficult for us to
construct an access list containing all of our customer IPs. Instead, we
require our customers to tell us if they need to use our mail relay (most
don't, since enterprises often have their own SMTP servers). We put their
domain in an access list, and the server performs a reverse DNS lookup to
determine whether they're in one of the domains. It also performs the
forward lookup that Alun described, to prevent use by spoofers.

--
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
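
The relay check described in the message above (reverse lookup, forward confirmation, then a domain access list), as an added example that is not part of the original post and not sendmail's or Genuity's code. The function names, the `.example` hostnames and the documentation-range addresses are assumptions made up for illustration; the resolver functions are injectable so the sample data runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup via the system resolver; [] when there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """Forward lookup via the system resolver; [] when the name fails."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def confirmed_names(ip, ptr=system_ptr, addrs=system_addrs):
    """PTR names for ip whose forward lookup leads back to ip."""
    want = ipaddress.ip_address(ip)
    names = []
    for name in ptr(ip):
        name = name.rstrip(".").lower()
        # Drop any IPv6 zone suffix before comparing address objects.
        if any(ipaddress.ip_address(a.split("%")[0]) == want for a in addrs(name)):
            names.append(name)
    return names

def relay_allowed(ip, domains, ptr=system_ptr, addrs=system_addrs):
    """Allow relaying only if a forward-confirmed name is in a listed domain."""
    for name in confirmed_names(ip, ptr, addrs):
        for d in domains:
            d = d.lower().strip(".")
            if name == d or name.endswith("." + d):  # label boundary, not substring
                return True
    return False

# Constructed sample DNS data (documentation address ranges, .example names).
PTR = {"192.0.2.10": ["mail.customer.example."],
       "198.51.100.7": ["mail.customer.example."],  # reverse-zone owner's false claim
       "203.0.113.5": ["mx.notcustomer.example."]}
A = {"mail.customer.example": ["192.0.2.10"],
     "mx.notcustomer.example": ["203.0.113.5"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_addrs = lambda name: A.get(name, [])

if __name__ == "__main__":
    for ip in PTR:
        print(ip, relay_allowed(ip, ["customer.example"], fake_ptr, fake_addrs))
```

Only 192.0.2.10 is allowed: 198.51.100.7 claims the same name in its PTR record but the forward lookup does not return it, and 203.0.113.5 is confirmed but outside the listed domain.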