BugTraq
Has anyone implemented "double forward DNS"? Aug 30 2008 12:05AM Duncan Simpson (dps simpson demon co uk) (5 replies)
Re: Has anyone implemented "double forward DNS"? Sep 03 2008 07:46AM terry white (twhite aniota com)
Re: Has anyone implemented "double forward DNS"? Sep 03 2008 12:25AM Glynn Clements (glynn gclements plus com)
Re: Has anyone implemented "double forward DNS"? Sep 02 2008 11:59PM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: Has anyone implemented "double forward DNS"? Sep 04 2008 01:34PM Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (1 replies)
Re: Has anyone implemented "double forward DNS"? Sep 05 2008 09:11AM Steven Bakker (steven bakker ams-ix net)
Duncan Simpson wrote:
[...]
> The idea here is that a client that finds www.example.com is 192.168.3.42 does
> not trust this information. Instead it looks up 42.3.168.192.in-addr.arpa and
> checks for a PTR record saying www.example.com. If one is not found then the
> result is disinformation and should not be used. Of course if the bad guy also
> controls the client's information about the reverse zone it still loses.
[...]
Your proposal would cause a lot of trouble for sites using shared-ip
virtual webhosting (read many, perhaps most, sites) since it could
require potentially thousands (or more) of PTR records for each
shared-ip webserver IP (which would do nasty things to DNS in general).
--
Benjamin Franz
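
Added example, not part of the original thread and not code from either poster: the forward-then-PTR check from the quoted proposal, run against the shared-IP hosting case raised in the reply. The zone data is constructed and held in dictionaries so the check runs offline; the function names and the hosts other than www.example.com / 192.168.3.42 are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data (not real records): three virtual hosts share one IP,
# but the reverse zone holds a single PTR for it, the usual hosting setup.
FORWARD = {
    "www.example.com": ["192.168.3.42"],
    "shop.example.net": ["192.168.3.42"],
    "blog.example.org": ["192.168.3.42"],
    "mail.example.com": ["192.168.3.7"],
}
REVERSE = {
    "42.3.168.192.in-addr.arpa": ["www.example.com"],
    "7.3.168.192.in-addr.arpa": ["mail.example.com"],
}

def normalize(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def ptr_owner(ip):
    """Name queried for the PTR lookup, e.g. 42.3.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def check(name, forward=FORWARD, reverse=REVERSE):
    """Return (accepted, rejected) address lists for `name`.

    An address is accepted only if its PTR set contains `name`; everything
    else is treated as disinformation, as the quoted proposal describes.
    """
    accepted, rejected = [], []
    for ip in forward.get(normalize(name), []):
        ptrs = {normalize(p) for p in reverse.get(ptr_owner(ip), [])}
        (accepted if normalize(name) in ptrs else rejected).append(ip)
    return accepted, rejected

def ptr_records_needed(forward=FORWARD):
    """PTR records each IP would need for every hosted name to pass."""
    need = {}
    for name, ips in forward.items():
        for ip in ips:
            need.setdefault(ptr_owner(ip), set()).add(normalize(name))
    return {owner: len(names) for owner, names in need.items()}

if __name__ == "__main__":
    for host in FORWARD:
        print(host, check(host))
    print(ptr_records_needed())
```

With a single PTR on the shared address, only www.example.com passes; the other two legitimate hosts are rejected unless the reverse zone carries one PTR per hosted name.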