[ On Friday, February 7, 2003 at 12:00:41 (-0800), Jeremy C. Reed wrote: ]
> Subject: Re: [Exim] Address rewriting vs. CNAME records?
>
> TCP Wrappers does offer a double lookup test to make sure the DNS is
> correct. See hosts_access(5) for PARANOID.

... and of course TCP Wrappers is just one of the more popular examples
of a server or server wrapper that will do such checks. "rshd -a" and
"rlogind -a" are others, and my own version of "fingerd -i" is yet
another.

DNS replies are so easy to spoof, and nameserver caches so easy to
corrupt, that not checking for the consistency between PTRs and A
records (when there are any PTRs) is just asking for trouble.

--
Greg A. Woods
+1 416 218-0098; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
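
The PTR/A consistency check discussed in this message, sketched as an added example that is not part of the original post and is not the code of TCP Wrappers, rshd, rlogind or fingerd. The function names, the three verdict strings and the sample zone data are assumptions made for illustration; the sample data is constructed.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names from the system resolver; empty list if there are none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses from the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def check_client(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, verified_names) for a connecting address.

    verdict is 'no-ptr', 'consistent' or 'mismatch'. A PTR name counts as
    verified only if its own forward lookup lists the client address.
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []          # nothing claimed, nothing to contradict
    verified = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    verified.append(name)
                    break
            except ValueError:       # resolver returned something unparsable
                continue
    return ("consistent" if verified else "mismatch"), verified

# Constructed sample zone data (documentation address ranges and names).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org"],
              "192.0.2.66": ["trusted.example.org"]}   # reverse zone's claim
SAMPLE_A = {"mail.example.org": ["192.0.2.10"],
            "trusted.example.org": ["192.0.2.1"]}      # forward zone's answer

def sample_check(ip):
    """Run check_client against the constructed tables instead of live DNS."""
    return check_client(ip, lambda a: SAMPLE_PTR.get(a, []),
                        lambda n: SAMPLE_A.get(n, []))
```

Only names returned in the verified list should be used in host-based access rules or written to logs as the client's hostname; on a mismatch, fall back to the bare address.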