Hi,

check_client_access uses the verified name, which is more conservative.
I wasn't convinced this was a good idea, so I played it safe.

So check_client_access is performing an additional DNS query on the
hostname to check if it matches the IP?


Right.

Awesome, thanks. I'm learning all the time :-)

It does, but RDNS_DYNAMIC matches fewer patterns.

Are you concerned about duplicate points for effectively the same rule?

A little bit, but not nearly enough to figure out how the two overlap
and do something about it. I've never had a false positive report
involving my GENERIC_RDNS, so it can't be *that* bad. If it ever causes
an issue I'll probably drop the rule entirely.

Okay, good point. I did see quite a few FPs when I was rejecting with the fqrdns.pcre file outright, however.

Thanks,
Alex
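
The verified-name behaviour discussed in this thread, as an added example that is not part of the original messages or of Postfix's code: a PTR name counts as verified only if a forward lookup of that name returns the client IP, otherwise the name is "unknown" and a hostname pattern cannot match it. The DNS tables and the GENERIC pattern are constructed for illustration; the pattern is hypothetical and not taken from fqrdns.pcre.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.5": ["host-198-51-100-5.dyn.example.net"],  # forward record matches
    "203.0.113.9": ["host-203-0-113-9.dyn.example.net"],    # no forward record at all
    "203.0.113.77": ["mail.example.org"],                   # PTR claims another host's name
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host-198-51-100-5.dyn.example.net": ["198.51.100.5"],
}

# Hypothetical generic-rDNS pattern (assumption, for illustration only).
GENERIC = re.compile(r"^host-\d+-\d+-\d+-\d+\.dyn\.", re.IGNORECASE)


def _norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.lower().rstrip(".")


def reverse_name(ip):
    """Unverified name: whatever the PTR record says, or 'unknown'."""
    names = PTR.get(ip, [])
    return _norm(names[0]) if names else "unknown"


def verified_name(ip):
    """PTR name whose forward lookup includes ip; otherwise 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name in map(_norm, PTR.get(ip, [])):
        if any(ipaddress.ip_address(a) == addr for a in A.get(name, [])):
            return name
    return "unknown"


def generic_hits(ip):
    """Return (pattern hit on raw PTR name, pattern hit on verified name)."""
    return (bool(GENERIC.search(reverse_name(ip))),
            bool(GENERIC.search(verified_name(ip))))


if __name__ == "__main__":
    for ip in PTR:
        print(ip, reverse_name(ip), verified_name(ip), generic_hits(ip))
```

For 203.0.113.9 the pattern hits the raw PTR name but not the verified name, which is the sense in which matching on the verified name is the more conservative choice.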


