Date: Tue, 31 May 2005 19:51:41 +0200 From: Ivan Voras <ivoras@fer.hr> To: bruce@nikkel.com Cc: stable@freebsd.org Subject: Re: IP Firewalling by DNS name Message-ID: <429CA42D.6020704@fer.hr> In-Reply-To: <20050531174833.GA24102@nikkel.com> References: <429C7804.8040709@fer.hr> <20050531174833.GA24102@nikkel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
bruce@nikkel.com wrote: > Access control based on the reverse lookup of an IP address is a > dangerous idea in general. Anyone who manages their own reverse DNS > could bypass the security simply by creating a DNS entry. If someone > controls the in-addr.arpa zone for a particular IP range, they can make > those IPs resolve with any FQDN they want, even with domains they don't > own. Interesting! Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?429CA42D.6020704>