Currently, we have the TrendMicro-NAV running in the DMZ. What are the pros and cons of enabling reverse DNS? And where can I find some supporting documentation?
One advantage is that some programs will allow you to refuse a connection if the reverse DNS does not match the forward DNS. It is another level of security that can be added, and it can also be useful for logging purposes. You can, however, do a reverse DNS lookup using the "dnsname" command or simply by pinging the address.
Most people agree that this is more of a headache than a help, and there are other security measures that are not such a pain. The application sets whether the forward and reverse DNS must match within a period of time or time out, which can leave a workstation "hung" for a period of time. Further, DNS configuration errors can cause a four-aspirin headache.
You can find further information on this topic at the IETF's website by doing a keyword search. There is also information on the sites of most active equipment manufacturers that offer tech support or knowledge bases.
This was last published in July 2003
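The forward/reverse match check and the "hung" workstation problem described in the answer can be seen in a short sketch. This is an added example, not code from the original answer or from any product named on the page; `check_fcrdns`, the fake resolvers and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

def system_reverse(ip):
    """PTR lookup through the OS resolver; raises OSError when there is none."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """A/AAAA lookup through the OS resolver; returns a set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def _norm(addr):
    # Drop any IPv6 zone id and normalise so textual variants compare equal.
    return ipaddress.ip_address(addr.split("%")[0])

def check_fcrdns(ip, reverse=system_reverse, forward=system_forward, timeout=2.0):
    """Return (verdict, hostname); verdict is match, mismatch, no-ptr or timeout."""
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        try:
            name = pool.submit(reverse, ip).result(timeout=timeout)
        except LookupTimeout:
            return "timeout", None      # bounded wait instead of a hung client
        except OSError:
            return "no-ptr", None
        try:
            addrs = pool.submit(forward, name).result(timeout=timeout)
        except LookupTimeout:
            return "timeout", name
        except OSError:
            return "mismatch", name     # PTR names a host that does not resolve
        ok = _norm(ip) in {_norm(a) for a in addrs}
        return ("match" if ok else "mismatch"), name
    finally:
        pool.shutdown(wait=False)       # do not block on a stuck lookup

# Constructed sample zone data (documentation address ranges), not real records.
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "spoof.example.com"}
FWD = {"mail.example.com": {"192.0.2.10"}, "spoof.example.com": {"198.51.100.7"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(name):
    return FWD[name]
```

Called with only an address, `check_fcrdns` uses the operating system resolver; logging the verdict rather than refusing on it keeps the logging benefit without making connections depend on DNS being correctly configured.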