[Mimedefang] validating 'possibly forged' helo IP's?

Kevin A. McGrail kmcgrail at pccc.com
Thu Jan 12 14:29:28 EST 2006


> >> 1.  There is only one ptr record per IP.
>
> > Not true. I was testing that on my internal DNS:
>
> Try adding 150 PTR records for a given IP address and watch all hell
> break loose. :-)

OK, I'll give you that you CAN define more than one.  My understanding is
that there is no mechanism defined for what a DNS client should do, if
anything, with more than one PTR record in the IN-ADDR.ARPA space, hence
there is no point in defining more than one except for things like a network
gateway, but even then one address will still be primary.

I guess it's feasible that things like SSH that implement reverse tests for
security could check all of the PTRs returned, but I have no idea if they
even do this.

However, for logging purposes and traceroutes, etc. it is just going to
display one of them.  Having more than one defined begs the question of
'which one'?

I will agree you can define as many as you would like including David's
suggestion of what to do when you are bored one Friday night.

By comparison, a DNS client for a forward lookup should, for example,
randomize responses for A records as well as equal priority MX records.  I'm
also not certain if the DNS server actually randomizes the order of the
responses as well.

Regards,
KAM
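The check discussed above, written out as an added example (not code from the MIMEDefang project or from the poster): a forward-confirmed reverse DNS test that walks every PTR record for the connecting IP instead of assuming there is only one, and compares the forward answer as a set so round-robin ordering of A records does not matter. Real resolver calls are replaced by lookups in a constructed table of hypothetical names (`example.com`, `example.net`) and RFC 5737 documentation addresses so it runs offline; the function names `fcrdns` and `helo_matches` are this example's own.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check that considers every PTR.

Added example; not the MIMEDefang project's code. DNS is replaced by the
constructed tables below so the script runs offline.
"""
import ipaddress

# Constructed sample data: hypothetical names, RFC 5737 documentation addresses.
PTR_RECORDS = {
    "203.0.113.10": ["mail.example.com.", "www.example.com.", "gw.example.com."],
    "203.0.113.11": ["bogus.example.net."],   # PTR name whose A record does not point back
    "203.0.113.12": [],                        # no reverse DNS at all
}
A_RECORDS = {
    "mail.example.com.": ["203.0.113.10"],
    "www.example.com.": ["203.0.113.20", "203.0.113.10"],  # round-robin, order may vary
    "gw.example.com.": ["198.51.100.1"],                    # listed as PTR, forward goes elsewhere
    "bogus.example.net.": ["198.51.100.5"],
}


def lookup_ptr(ip, table=PTR_RECORDS):
    """Stand-in for a PTR query: returns all names, not just the first."""
    return list(table.get(ip, []))


def lookup_a(name, table=A_RECORDS):
    """Stand-in for an A query: returned as a set because answer order is unstable."""
    return set(table.get(name, []))


def fcrdns(ip, ptr=lookup_ptr, a=lookup_a):
    """Return every PTR name for ip whose forward lookup contains ip.

    Walks all PTR records; a single mismatching PTR (gw.example.com. above)
    does not spoil the others.
    """
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
    return [name for name in ptr(ip) if ip in a(name)]


def helo_matches(ip, helo, ptr=lookup_ptr, a=lookup_a):
    """Classify a HELO name against the connecting IP.

    fcrdns-match            HELO is one of the forward-confirmed PTR names
    helo-forward-match      HELO resolves to ip but is not among its PTRs
    fcrdns-ok-helo-mismatch ip has confirmed PTRs, HELO is not one of them
    unconfirmed             nothing ties the HELO name to the IP
    """
    ip = str(ipaddress.ip_address(ip))
    helo = helo.strip().lower().rstrip(".") + "."
    confirmed = fcrdns(ip, ptr, a)
    if helo in confirmed:
        return "fcrdns-match"
    if ip in a(helo):
        return "helo-forward-match"
    if confirmed:
        return "fcrdns-ok-helo-mismatch"
    return "unconfirmed"


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "www.example.com"),
                     ("203.0.113.10", "gw.example.com"),
                     ("203.0.113.11", "bogus.example.net"),
                     ("203.0.113.12", "mail.example.com")]:
        print(ip, helo, fcrdns(ip), helo_matches(ip, helo))
```

Swapping the two lookup stubs for real queries (for instance via dnspython's `dns.resolver.resolve`, with `rdtype="PTR"` on the `reverse_pointer` name and `rdtype="A"` on each result) gives a live check; the point of keeping the results as a list and a set is that the outcome then does not depend on which PTR or which A record the resolver happens to return first.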
