<<< Date Index >>>     <<< Thread Index >>>

Re: Has anyone implemented "double forward DNS"?





Duncan Simpson wrote:

[...]
The idea here is that a client that finds www.example.com is 192.168.3.42 does not trist this infiormation. Instead it looks up 42.3.168.192.in-addr.arpa and checks for a PTR record saying www.example.com. If one is not found then the result is disinformation and should not be used. Of course if the bad guy also controls the client's information about the reverse zone it still loses.
[...]

Your proposal would cause a lot of trouble for sites using shared-ip virtual webhosting (read many, perhaps most, sites) since it could require potentially thousands (or more) of PTR records for each shared-ip webserver IP (which would do nasty things to DNS in general).

--
Benjamin Franz