Re: Has anyone implemented "double forward DNS"?
Duncan Simpson wrote:
[...]
The idea here is that a client that finds www.example.com is 192.168.3.42 does
not trist this infiormation. Instead it looks up 42.3.168.192.in-addr.arpa and
checks for a PTR record saying www.example.com. If one is not found then the
result is disinformation and should not be used. Of course if the bad guy also
controls the client's information about the reverse zone it still loses.
[...]
Your proposal would cause a lot of trouble for sites using shared-ip
virtual webhosting (read many, perhaps most, sites) since it could
require potentially thousands (or more) of PTR records for each
shared-ip webserver IP (which would do nasty things to DNS in general).
--
Benjamin Franz