On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris <lists at spuddy.org> wrote:
>
>> many "false" positives. There is no definitive RFC requirement that the
>> mapping has to match.
>
> But it's a standard security feature (on Solaris NFS server it was
> added around 1996, I think). Without the match I could set my server's
> IP address to be "mail.google.com". No one should believe me unless
> a forward lookup matches. It is commonly considered "broken" for rDNS
> to return a value that doesn't match forward DNS.

If you say something is "broken", you should quote the RFC with the
MUST requirement that it breaks. I don't think there is one for this.
The forward and reverse naming control is delegated 2 different ways
and may not be under the same person's control. It is also relatively
common to have multi-homed hosts with the same name for multiple
interfaces, or connections that go through NAT where the host doesn't
even know what source address will appear on its connections.

--
  Les Mikesell
    lesmikesell at gmail.com
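
The forward-confirmed reverse lookup discussed in this message, as an added example that is not part of the original thread: it accepts a PTR name only if that name resolves forward to a set of addresses containing the peer, so a multi-homed name with several addresses still confirms. The zone data, the `sample_*` helpers and the address given for "mail.google.com" are constructed placeholders.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """Every address the name resolves to; [] when it does not resolve."""
    try:
        return [i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, names): 'confirmed', 'unconfirmed' or 'no-ptr'."""
    peer = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in forward_lookup(name)}
        # Membership, not equality: a multi-homed name has several addresses.
        if peer in addrs:
            confirmed.append(name.rstrip(".").lower())
    return ("confirmed" if confirmed else "unconfirmed"), confirmed

# Constructed zone data (RFC 5737 documentation addresses), not real DNS.
SAMPLE_PTR = {
    "192.0.2.10": ["multi.example.org."],      # interface 1 of one host
    "198.51.100.10": ["multi.example.org."],   # interface 2, same name
    "203.0.113.5": ["mail.google.com."],       # claim made by the reverse-zone owner
}
SAMPLE_FWD = {
    "multi.example.org.": ["192.0.2.10", "198.51.100.10"],
    "mail.google.com.": ["192.0.2.200"],       # placeholder address
}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.10", "203.0.113.5", "203.0.113.99"):
        print(ip, fcrdns(ip, sample_ptr, sample_forward))
```

A "no-ptr" or "unconfirmed" verdict only means the name cannot be used as evidence of identity; as the message notes, reverse and forward zones are delegated separately, so such results also occur on correctly operated hosts.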