
Re: help



On Sat, 08 Dec 2001, zhangsc@neusoft.com wrote:
> I have question about DNS.

I am not quite sure I follow your questions, but I will try to answer
them.

> I want to know reverse DNS role. When I input an IP address, DNS will
> return the IP's relevant domain,

Yes.

> what role of this function in DNS? 

Debugging: You can find out what host name is associated with an address
when, for example, you perform a ping or traceroute operation.

Informational: You can turn the address of a client machine into some
sort of name that's easier for a human to understand when reading your
logs.


Reverse DNS lookup is also used as a security tool in a number of
places, including the "TCP Wrappers". It is ineffective in this role,
however, in an uncontrolled environment like the Internet.[1]

> My second question whether adverse DNS 

Do you mean "reverse" here, or do you mean "hostile"?

> is related with firewall, if has, what is it?

If you mean reverse, it serves little real purpose on a firewall
machine. You shouldn't process log files on it, so it's only for
debugging that it helps at all.

Don't try securing a network by requiring reverse DNS exist or map to
the same hostname or anything. You will deny service to legitimate users
without adding any real protection against an attacker.

        Daniel


Footnotes: 
[1]  Others may disagree with this assessment. If you do, I welcome your
     description of a scenario where this /does/ add security.[2]

[2]  ...in the absence of DNSSEC being implemented, which is the current
     (common) case, of course. Adding DNSSEC changes the playing field.

-- 
Prometheus, lest we forget is the lesser Greek god that created man, stole
fire, and -- in the process of duping Zeus -- performed the first sacrifice,
the beginnings of human culture.
        -- Eric Norlin, _Finally, we have a point!_ (August 6, 2001)
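
The following added example (not part of the original message) models the checks discussed above, "reverse DNS must exist", "must map to the same hostname", and a name-based allow rule, against constructed records. The addresses, host names and the `.corp.example` rule are assumptions made for illustration.

```python
# Constructed records on documentation ranges (RFC 5737). The PTR record is
# published by whoever runs the reverse zone for an address; the A record by
# whoever runs the zone for the name. Neither answer is authenticated here.
PTR = {
    "192.0.2.10": "ws1.corp.example",        # internal host, records agree
    "203.0.113.66": "ws1.corp.example",      # outside address, PTR names an internal host
    "203.0.113.77": "host77.other.example",  # outside address, holder runs both zones
    "198.51.100.8": "dsl-8.isp.example",     # ordinary user, provider has no matching A
    # 198.51.100.7: ordinary user, provider publishes no PTR at all
}
A = {
    "ws1.corp.example": {"192.0.2.10"},
    "host77.other.example": {"203.0.113.77"},
}
TRUSTED_SUFFIX = ".corp.example"  # hypothetical name-based allow rule


def ptr_exists(ip):
    """Policy 1: require that reverse DNS exists for the client."""
    return ip in PTR


def forward_confirmed(ip):
    """Policy 2: require that the PTR name maps back to the client address."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())


def name_rule(ip):
    """Policy 3: allow by host name pattern, believing the PTR answer."""
    name = PTR.get(ip)
    return name is not None and name.endswith(TRUSTED_SUFFIX)


def evaluate(ip):
    """Return (ptr_exists, forward_confirmed, name_rule) for one client."""
    return ptr_exists(ip), forward_confirmed(ip), name_rule(ip)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66", "203.0.113.77",
               "198.51.100.8", "198.51.100.7"):
        print(ip, evaluate(ip))
```

Policies 1 and 2 pass 203.0.113.77, about which nothing is known, and reject both ordinary users; policy 3 accepts 203.0.113.66 on the strength of a record its own holder published.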


