DNS question about hostnames

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 15 19:46:23 UTC 2000


DNS is just an information resource. Without knowing what protocol the client
*intends* to use to connect to a given host, it can't really enforce any
protocol restrictions. About the best you could do right now is have only an
MX record for mail.sample.org, pointing to a non-mail-related hostname. At
least then you could cut down on some *unintended* uses of mail.sample.org for
protocols besides SMTP. If SRV records are ever implemented on a wide scale,
you'll be able to do the same thing for all SRV-enabled protocols, to curb
*unintended* protocol misuse. But a determined abuser could still look up the
MX record or SRV record and try to connect to the target using some
non-advertised protocol. True enforcement needs to be done at the network
and/or host level.


- Kevin

Hugo Kleinhans wrote:

> Hi all,
>
> Say I have a web server, ftp server, and mail server all on one machine and
> I want people to be able to access the webserver through just
> www.sample.bogus and the ftp server through just ftp.sample.bogus and the
> mail server through just mail.sample.bogus. As it is now, people can access
> the web server through www, ftp, and mail and this is the same for the other
> two servers.
>
> Thank you,
>
> Hugo K.
> webmaster at kc2bmg.com
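
The MX-only arrangement described in the reply above, as an added example that is not part of the original thread. The zone contents, the host1 name and the 192.0.2.10 address are constructed assumptions, and the resolver is a minimal model rather than a real one. It shows that a plain address lookup for mail.sample.org returns nothing, while the address stays discoverable through the MX record, which is why enforcement belongs at the network or host level.

```python
# Constructed zone for illustration: host1 and 192.0.2.10 are assumed values.
ZONE_TEXT = """
host1.sample.org.  IN A     192.0.2.10
www.sample.org.    IN A     192.0.2.10
ftp.sample.org.    IN A     192.0.2.10
mail.sample.org.   IN MX    10 host1.sample.org.
"""

def parse_zone(text):
    """Return {owner: [(rtype, rdata_fields), ...]} from 'owner IN type rdata' lines."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue  # skip blank lines and anything this minimal parser does not handle
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3:]
        zone.setdefault(owner, []).append((rtype, rdata))
    return zone

def lookup(zone, name, rtype):
    """Records of one type at one name; an empty list models an empty answer."""
    return [rdata for t, rdata in zone.get(name.lower(), []) if t == rtype]

def address_lookup(zone, name):
    """What a web or FTP client asks for: the addresses of the name itself."""
    return [rdata[0] for rdata in lookup(zone, name, "A")]

def mail_lookup(zone, name):
    """What an SMTP sender resolves: MX targets by preference, else the name's addresses."""
    mx = sorted((int(r[0]), r[1]) for r in lookup(zone, name, "MX"))
    if not mx:
        return address_lookup(zone, name)  # implicit MX: fall back to address records
    return [addr for _, target in mx for addr in address_lookup(zone, target)]

if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    for name in ("www.sample.org.", "ftp.sample.org.", "mail.sample.org."):
        print(name, "address:", address_lookup(zone, name), "mail:", mail_lookup(zone, name))
```

Only the mail name is narrowed here; www and ftp still resolve to the same address for every protocol, since address records carry no protocol information.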






More information about the bind-users mailing list