Reverse DNS a Security Risk?
Chris_Cox at stercomm.com
Tue Oct 30 18:53:54 UTC 2001
> -----Original Message-----
> From: james at unifiedmind.com [mailto:james at unifiedmind.com]
> Sent: Tuesday, October 30, 2001 12:32 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Reverse DNS a Security Risk?
> My ISP is refusing to offer reverse DNS claiming that it is a
> security risk...
> 1. What are they thinking?
My guess is that they are thinking... if they know the IP, they
can get the name and the name might tell them something about
what the "whatever" does on that IP.
> 2. Are they making this up? -- what reason would they
> have for doing this?
My guess... it's the name issue. Similar to issues as to why
you don't want people to do a zone transfer. However, the
decision should not be theirs to make.
> 3. If it isn't a security risk, then where can I find
> documentation refuting this notion?
It's a security decision point... the handling of how inverse
zones are mapped belongs to the security team of the
one who has authority for the zone. It could be that they
do not know how to configure things to allow you to be
authoritative for a porition of the inverse zone (if
you have only a limited block of a class C for instance)...
but who knows (??).
More information about the bind-users