[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: help

On Sat, 08 Dec 2001, zhangsc@neusoft.com wrote:
> I have question about DNS.

I am not quite sure I follow your questions, but I will try to answer

> I want to know reverse DNS role. When I input a IP address, DNS will
> return the IP's relevent domain,


> what role of this function in DNS? 

Debugging: You can find out what host name is associated with an address
when, for example, you perform a ping or traceroute operation.

Informational: You can turn the address of a client machine into some
sort of name that's easier for a human to understand when reading your

Reverse DNS lookup is also used as a security tool in a number of
places, including the "TCP Wrappers". It is ineffective in this role,
however, in an uncontrolled environment like the Internet.[1]

> My second question whether adverse DNS 

Do you mean "reverse" here, or do you mean "hostile"?

> is related with firewall,if has,what is it?

If you mean reverse, it serves little real purpose on a firewall
machine. You shouldn't process log files on it, so it's only for
debugging that it helps at all.

Don't try securing a network by requiring reverse DNS exist or map to
the same hostname or anything. You will deny service to legitimate users
without adding any real protection against an attacker.


[1]  Others may disagree with this assessment. If you do, I welcome your
     description of a scenario where this /does/ add security.[2]

[2]  ...in the absence of DNSSEC being implemented, which is the current
     (common) case, of course. Adding DNSSEC changes the playing field.

Prometheus, lest we forget is the lesser Greek god that created man, stole
fire, and -- in the process of duping Zeus -- performed the first sacrifice,
the beginnings of human culture.
        -- Eric Norlin, _Finally, we have a point!_ (August 6, 2001)

Reply to: