Well, the rationale behind this is as you touched on, preventing spoofed address attacks. A paranoid lookup essentially verifies that the connecting system is a known legit host. In effect you're using your DNS system as another level of authentication. Say somebody wants to covertly log on or attack your system, so they give themselves a bogus ip. A paranoid lookup will stop that because there's no DNS entry. (I won't get into the mechanisms of these spoof type attacks)
Now for connections originating from the internet this is little help since there are so many ways to spoof traffic/hack/attack/etc. Where it can make a difference is with traffic originating within your own network, because that is a known entity and paranoid lookups should ALWAYS succeed. I don't know all the details of how it passes or fails you given RR DNS, but it does something...

At 01:29 AM 1/11/02 +0100, martin f krafft wrote:
>yes, but *what* exactly does ALL:PARANOID prevent? establishing the
>authenticity of the domain name is surely a good point, but that's for
>finger/who/w and co. only because i don't even want to deal with/know
>about a system administrator that parses logs based on domain names
>rather than IPs...

-- 
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 00000100
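The check the thread is arguing about, written out as an added example (my code, not tcp_wrappers' and not anything either poster wrote): a forward-confirmed reverse lookup of the kind `tcpd` performs. It follows the distinction in hosts_access(5), where PARANOID matches a client whose reverse name does not resolve back to its address and UNKNOWN matches a client whose name cannot be resolved at all. The resolver data is a constructed table using documentation-range addresses, so it runs offline; `classify_client` and `is_denied` are my own names, and the real-DNS helpers at the bottom are only used if you pass no fake resolvers.

```python
"""Forward-confirmed reverse DNS check in the style of tcp_wrappers' PARANOID
pattern. Added example for this thread; not the tcp_wrappers source."""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed resolver data (example only; 192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges, not real hosts).
FAKE_PTR: Dict[str, str] = {
    "192.0.2.10": "trusted.example.net",  # PTR and A records agree
    "192.0.2.11": "trusted.example.net",  # second address of a round-robin name
    "192.0.2.20": "claims.example.net",   # PTR names a host whose A record is elsewhere
    # 192.0.2.30 deliberately has no PTR record
}
FAKE_A: Dict[str, List[str]] = {
    "trusted.example.net": ["192.0.2.10", "192.0.2.11"],  # round-robin: two A records
    "claims.example.net": ["198.51.100.5"],
}

Reverse = Callable[[str], Optional[str]]
Forward = Callable[[str], List[str]]


def fake_reverse(ip: str) -> Optional[str]:
    """Stand-in for a PTR lookup; None means no record."""
    return FAKE_PTR.get(ip)


def fake_forward(name: str) -> List[str]:
    """Stand-in for an A lookup; empty list means no record."""
    return FAKE_A.get(name, [])


def real_reverse(ip: str) -> Optional[str]:
    """PTR lookup against the system resolver (used only without fakes)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror is a subclass of OSError
        return None


def real_forward(name: str) -> List[str]:
    """A lookup against the system resolver (used only without fakes)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # socket.gaierror is a subclass of OSError
        return []


def classify_client(ip: str, reverse: Reverse = real_reverse,
                    forward: Forward = real_forward) -> Tuple[str, str]:
    """Return (verdict, detail). Verdicts: OK, PARANOID, UNKNOWN.

    PARANOID: the address has a name, but that name does not resolve back
              to the address (the case 'ALL: PARANOID' is meant to catch).
    UNKNOWN:  the address has no reverse name at all.
    """
    name = reverse(ip)
    if name is None:
        return "UNKNOWN", "no PTR record for %s" % ip
    addrs = forward(name)
    # Round-robin names have several A records; the client passes as long as
    # its own address is among them.
    if ip not in addrs:
        return "PARANOID", "%s resolves to %s, not %s" % (name, addrs, ip)
    return "OK", name


def is_denied(ip: str, deny_patterns: List[str], reverse: Reverse = real_reverse,
              forward: Forward = real_forward) -> bool:
    """Emulate a hosts.deny line such as 'ALL: PARANOID' or 'ALL: PARANOID, UNKNOWN'.

    Note that 'ALL: PARANOID' on its own does NOT deny a client that simply has
    no reverse entry; that client matches UNKNOWN, not PARANOID.
    """
    verdict, _ = classify_client(ip, reverse, forward)
    return verdict in deny_patterns


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.30"):
        print(client, classify_client(client, fake_reverse, fake_forward),
              "denied by ALL: PARANOID" if is_denied(client, ["PARANOID"], fake_reverse, fake_forward) else "passes ALL: PARANOID")
```

The round-robin entry answers the poster's RR DNS question for this model: a name with several A records passes as long as the connecting address is one of them. The `is_denied` docstring carries the practical caveat: a client with no reverse entry is UNKNOWN rather than PARANOID, so an `ALL: PARANOID` line alone lets it through and you need `UNKNOWN` in the pattern list as well.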