Reverse DNS and RFC 2317
John Coutts
administrator at yellowhead.com
Thu May 18 15:33:36 UTC 2000
As far as you providing services to the outside world, there is no problem. The
problem occurs when you (or anyone on your network) wants to access services
that require a domain or node name verification. These include some educational
institutions, some download sites, and many email servers (including ours). To
protect against spammers using ficticious return addresses to access the mail
server directly, the server does a reverse lookup on the the sending IP to
verify that the domain name corresponds to the domain name in the return
address. If it doesn't, it returns the email. Since implementing this feature,
spam of this type has dropped to zero at our location.
J.A. Coutts
Systems Engineer
Edsonet/TravPro
*************** SEPARATER **************
In article <01BFC074.F2F44FA0.gwardell at Yeshua.cc>, gwardell at Yeshua.cc says...
>
>Hi,
>
>But in my case, and the reason I posed this question, I have a few services
>running, one of them being a mail server running at mail.yeshua.cc.
>
>The ISP I am currently at has virtually nothing in the in-addr.arpa for the
>class C block than my 16 ips are in.
>
>Another ISP that I talked to, thinking of moving, said that they don't
>delegae and that they wouldnlt put my mserver name in either. That they
>only use generic name like dsl.max63.isp.net. While my forward would be
>mail.yeshua.cc which also apears on my MX. The second ISP almost guranteed
>that I wouldn't have any trouble with their setup.
>
>So. if the reciveing MTA is checking for a matchiung name in the MX record
>and the existance of a reversx PTR then I'm ok, right?
>
>BTW, I think your right that my current upstream ISP doesn't have a clue
>about several things.
>
>Gary
>
>
More information about the bind-users
mailing list