Re: [Exim] Address rewriting vs. CNAME records?

Góra strony
Delete this message
Reply to this message
Autor: Exim Users Mailing List
Data:  
Dla: Exim Users Mailing List
Temat: Re: [Exim] Address rewriting vs. CNAME records?
[ On Friday, February 7, 2003 at 12:00:41 (-0800), Jeremy C. Reed wrote: ]
> Subject: Re: [Exim] Address rewriting vs. CNAME records?
>
> TCP Wrappers does offer a double lookup test to make sure the DNS is
> correct. See hosts_access(5) for PARANOID.


... and of course TCP Wrappers is just one of the more popular examples
of a server or server wraper that will do such checks. "rshd -a" and
"rlogind -a" are others, and my own version of "fingerd -i" is yet
another.

DNS replies are so easy to spoof, and nameserver caches so easy to
corrupt, that not checking for the consistency between PTRs and A
records (when there are any PTRs) is just asking for trouble.

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>