Re: DNS spoofing and reverse DNS records
From: Men & Mice Support
Date: Wednesday, May 26, 1999
Time: 10:21:00 pm

>We have taken over responsibility for primary DNS for our domain from our
>service provider. (They now act as secondary) However they still seem to
>think that *they* are responsible for maintaining reverse DNS records for
>our domain. (The reason we took over responsibility was their inability to
>correctly maintain, amongst other things, the reverse DNS records!)
>a.) Is this seeming inconsistency correct?
This is pretty normal - your reverse zone is entirely separate from your
domain zone(s). If you want responsibility for your reverse records, you'll
have to tell them that.
I've taken a look at the situation, and they can't easily delegate the
whole class C subnet to you anyway; they don't own the surrounding class B.
From this, I take it that they haven't given you the entire class C, but
just a portion of it.
If this is true, you'll have to deal with a classless subnet delegation in
order to get your reverse zone away from them. Read RFC 2317 (and, if
necessary, have your ISP read it, too). If you can understand it, great,
but if you have questions about it, I can probably answer them.
<ftp://NIC.MERIT.EDU/internet/documents/rfc/rfc2317.txt>
>b.) If it is, does this potentially provide any security problems i.e., DNS
>spoofing?
It doesn't *open* any new security holes, but neither does it close any
that were open before. If you had a security problem before, then you still
have it.
<plug>
DNS Expert can check for spoofing vulnerability.
</plug>
____________________________________________________________________
Chris Buxton Men & Mice
cbuxton@menandmice.com http://www.menandmice.com
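
Added example, not part of the original message: a sketch of the records an RFC 2317 classless delegation involves, generating the NS and CNAME entries the holder of the /24 reverse zone would add and the name under which the customer publishes each PTR. The 192.0.2.64/26 block, the ns1.example.com. name server and the function names are constructed for illustration; the `sep` parameter is there because some operators substitute "-" for the "/" in the label, which RFC 2317 permits.

```python
import ipaddress

def _zone_names(cidr, sep="/"):
    """Return (network, parent /24 zone, RFC 2317 label) for a sub-/24 block."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation applies to IPv4 blocks smaller than a /24")
    a, b, c, d = str(net.network_address).split(".")
    return net, f"{c}.{b}.{a}.in-addr.arpa.", f"{d}{sep}{net.prefixlen}"

def parent_records(cidr, nameservers, sep="/"):
    """Records the holder of the /24 reverse zone (the ISP) adds to it."""
    net, parent, label = _zone_names(cidr, sep)
    lines = [f"$ORIGIN {parent}"]
    # Delegate the child zone <first-address>/<prefix-length> to the customer.
    lines += [f"{label}\tIN NS\t{ns}" for ns in nameservers]
    # Alias each address in the block into the delegated zone.
    for addr in net:
        host = int(addr) & 0xFF
        lines.append(f"{host}\tIN CNAME\t{host}.{label}.{parent}")
    return lines

def ptr_owner(ip, cidr, sep="/"):
    """Name in the customer's zone that must carry the PTR record for ip."""
    net, parent, label = _zone_names(cidr, sep)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is outside {cidr}")
    return f"{int(addr) & 0xFF}.{label}.{parent}"

if __name__ == "__main__":
    # Constructed sample: documentation prefix and a placeholder name server.
    for line in parent_records("192.0.2.64/26", ["ns1.example.com."]):
        print(line)
    print(ptr_owner("192.0.2.70", "192.0.2.64/26"))
```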