> These days I am a fan for forward check access lists, because any one who > owns a DNS server can say that for IPAddressX returns aserver.google.com. > They can not set the forward lookup outside of their domain but they can > setup a reverse lookup. The other advantage is forword looking access lists > is you can use DNS Alias in access lists as well.
That is not true, you have to have a valid A record in the correct domain. This is how it works (and how you should check you reverse lookups in your applications): 1. Do a reverse lookup. 2. Do a lookup with the name from 1. 3. Check that the IP address is one of the adresses you got in 2. Ignore the reverse lookup if the check in 3 fails. _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
