IP Firewalling by DNS name

Ivan Voras ivoras at fer.hr
Tue May 31 10:52:50 PDT 2005

bruce at nikkel.com wrote:

> Access control based on the reverse lookup of an IP address is a
> dangerous idea in general. Anyone who manages their own reverse DNS
> could bypass the security simply by creating a DNS entry. If someone
> controls the in-addr.arpa zone for a particular IP range, they can make
> those IPs resolve with any FQDN they want, even with domains they don't
> own.

Interesting! Thanks!

More information about the freebsd-stable mailing list