On Mon, 17 Dec 2007 17:26:40 -0800
Rick Stevens <rstevens@xxxxxxxxxxxx> wrote:

> No, the IP could be spoofed. If the connection that purported to come
> from niceguy.mybuddy.com on 1.2.3.4 actually reverse resolves to
> evilbastards.hackerville.com, do you really want to allow that? I sure
> as heck don't.

But if I do a dig -x on the IP address, it tells me both names, so it isn't like the reverse lookup resolves to a different name, it just resolves to multiple names, one of which was the one expected. (I have no idea exactly how the DNS server is configured at work - I have no control over it).
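
The case discussed in this message (an address whose reverse lookup returns several names, one of them the expected one), as an added example that is not part of the original thread: a forward-confirmed reverse DNS check that accepts a client only if the expected name is among the PTR names and that name also resolves forward to the connecting address. The lookup tables, names and addresses are constructed sample data, and the function names are hypothetical; a real check would pass resolver-backed lookup functions instead.

```python
import ipaddress

# Constructed sample data (documentation address range, made-up names).
PTR = {
    # Two PTR records for one address, as in the dig -x output described.
    "192.0.2.10": ["niceguy.example.com.", "gateway.example.net."],
    # Whoever controls this reverse zone claims a name they do not hold.
    "192.0.2.66": ["niceguy.example.com."],
}
A = {
    "niceguy.example.com": ["192.0.2.10"],
    "gateway.example.net": ["192.0.2.10"],
}


def sample_ptr(ip):
    """Stand-in for a PTR query: every name the reverse zone returns."""
    return PTR.get(ip, [])


def sample_addr(name):
    """Stand-in for an A/AAAA query on a host name."""
    return A.get(name, [])


def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def confirmed_names(ip, ptr_lookup, addr_lookup):
    """Return the PTR names of ip whose forward lookup contains ip."""
    addr = ipaddress.ip_address(ip)
    confirmed = set()
    for name in ptr_lookup(ip):
        name = norm(name)
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if addr in forward:
            confirmed.add(name)
    return confirmed


def allow(ip, expected, ptr_lookup=sample_ptr, addr_lookup=sample_addr):
    """Accept only if the expected name is a forward-confirmed PTR name."""
    return norm(expected) in confirmed_names(ip, ptr_lookup, addr_lookup)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66"):
        print(ip, allow(ip, "niceguy.example.com"))
```

Multiple PTR names pass as long as the expected one is forward-confirmed; a PTR record alone is not enough, because the reverse zone is controlled by whoever holds the address block.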