Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!ucsd!ucbvax!agate!shelby!portia.stanford.edu!jessica.stanford.edu!morgan
From: morgan@jessica.stanford.edu (RL "Bob" Morgan)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: no inverse mappings
Message-ID: <1990Aug30.004608.6515@portia.Stanford.EDU>
Date: 30 Aug 90 00:46:08 GMT
References: <9008141419.AA03517@socrates.ee.rochester.edu>
Sender: news@portia.Stanford.EDU (USENET News System)
Distribution: inet
Organization: Academic Information Resources
Lines: 39

Re: insisting on inverse mappings:

Hmm, I'm interested in this discussion, having just been involved in
an argument with a site that refuses connections to sites that won't
inverse map.

Can someone quote chapter and verse from an RFC that says that a
host's IP address should inverse map via DNS before it can make a
connection?  All I can find that seems relevant is from Host
Requirements II, RFC 1123:

   2.2  Using Domain Name Service

      Host domain names MUST be translated to IP addresses as
      described in Section 6.1.

      Applications using domain name services MUST be able to cope
      with soft error conditions.  Applications MUST wait a
      reasonable interval between successive retries due to a soft
      error, and MUST allow for the possibility that network
      problems may deny service for hours or even days.

Do these systems that reject connections based on no inverse mapping
allow for this sort of error?

I guess the philosophy puzzles me.  I've always thought of DNS as a
way of making it easier for clients to connect to services, not as any
sort of authentication system.  At this site we have 2000 machines on
LocalTalk networks using dynamic IP address assignment and supporting
no IP services.  Is it really necessary for security for us to give
them all names (actually, give the addresses names) and put them in
our domain database?  Surely if intrusive activity is coming from one
of these machines it's easy to determine where it's at by looking at
the network part of its IP address?

 - RL "Bob" Morgan
   Networking Systems
   Stanford
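
Added example, not part of the original post: a sketch of an inverse-mapping check that keeps the soft errors of RFC 1123 section 2.2 separate from an authoritative "no mapping" answer, so that resolver trouble defers a connection instead of refusing it. It goes one step beyond the post by also confirming that the returned name maps forward to the same address. The exception classes, function names, verdict strings and zone data are all assumptions constructed for illustration.

```python
import time

class SoftError(Exception):
    """Temporary failure (timeout, server failure): says nothing about the host."""

class NoRecord(Exception):
    """Authoritative answer that the record does not exist."""

# Constructed sample data (documentation addresses and names, not real hosts).
PTR = {"192.0.2.10": "host10.example.edu", "192.0.2.11": "host11.example.edu"}
A = {"host10.example.edu": ["192.0.2.10"], "host11.example.edu": ["192.0.2.99"]}

def sample_ptr(ip):
    if ip == "192.0.2.50":            # constructed: this zone's servers are down
        raise SoftError(ip)
    if ip not in PTR:
        raise NoRecord(ip)
    return PTR[ip]

def sample_a(name):
    if name not in A:
        raise NoRecord(name)
    return A[name]

def check_once(ip, lookup_ptr, lookup_a):
    try:
        name = lookup_ptr(ip)
    except NoRecord:
        return "unmapped"
    try:
        return "mapped" if ip in lookup_a(name) else "mismatch"
    except NoRecord:
        return "mismatch"             # PTR names a host with no address record

def check_inverse_mapping(ip, lookup_ptr=sample_ptr, lookup_a=sample_a,
                          retries=3, wait=1.0, sleep=time.sleep):
    for attempt in range(retries):
        try:
            return check_once(ip, lookup_ptr, lookup_a)
        except SoftError:
            if attempt + 1 < retries:
                sleep(wait * 2 ** attempt)   # spaced retries, per RFC 1123 2.2
    return "unknown"

def decision(verdict):
    if verdict == "unknown":
        return "defer"                # resolver trouble is not a missing mapping
    return "accept" if verdict == "mapped" else "refuse"
```

The lookup hooks are placeholders for a real resolver interface that reports temporary and authoritative failures separately.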