Stephen Harris <lists@...> writes:
> On Sun, Apr 13, 2014 at 02:06:42PM +0000, David G. Miller wrote:
>> Be aware that the actual "owner" of the dynamic IP address is still authoritative for reverse look ups. This means that some uses of a system with a dynamic IP address are problematic (e.g., mail server) since the reverse look up fails. Other uses (sshd) in theory work but folks have to
>
> Not necessarily fail. E.g., I do my own dynamic DNS so that "xxx.my.domain" has an A record to my home. But if I do an rDNS for that IP then it returns a verizon.net record. However this is not a problem as long as a forward lookup for that name returns an A record which matches.

<SNIP> Interesting. I had to have my ISP add a C record to their DNS for my fixed IP address before most of my e-mails were accepted. I recently also had to add an SPF (sender policy framework) record on my DNS to get my e-mails accepted by gmail. You could try to manage the SPF record the same way you do other dynamic IP address records but there was a couple of days' lag before gmail accepted it when I put it in place.

> ssh client should manage that for you automatically. It'll know you're connecting to "xxx.my.domain" and the host key will match and it should automatically add a new record to known_hosts for the IP address. (Or you can configure ssh_config to not care).

Absolutely correct but then you lose the IP checking for a man in the middle attack. This wouldn't be that bad on a fixed IP address but would seem to be a lot riskier on a dynamic IP address.
Cheers, Dave
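
The check discussed in this thread (an ISP-owned PTR name is acceptable as long as that name resolves forward to the same address) is forward-confirmed reverse DNS. The following is an added example, not part of the original messages: the addresses, host names and zone tables are constructed, and the lookups are injectable so it runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, confirming_name): 'pass', 'mismatch' or 'no-ptr'."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == target:
                    return ("pass", name.rstrip(".").lower())
            except ValueError:
                continue  # skip anything that is not a plain address
    return ("mismatch", None)

# Constructed zone data (documentation address ranges, made-up names).
PTR = {"203.0.113.7": ["pool-203-0-113-7.isp.example.net."],
       "203.0.113.8": ["mail.spoofed.example."]}
A = {"pool-203-0-113-7.isp.example.net.": ["203.0.113.7"],
     "home.dyn.example.org": ["203.0.113.7"],   # the dynamic-DNS name
     "mail.spoofed.example.": ["198.51.100.9"]}

def demo():
    ptr = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(name, [])
    ips = ("203.0.113.7", "203.0.113.8", "203.0.113.9")
    return {ip: fcrdns(ip, ptr, fwd) for ip in ips}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

The first address passes even though its PTR name is the ISP's and not the dynamic-DNS name, because the confirmation only requires the PTR name itself to resolve back to the address.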