Applying Domain Objects in Rules (TechTip)

It is not generally advisable to use domain objects. Aside from the additional time it may take to perform these name resolutions, the information obtained from DNS can be spoofed and may not be reliable. As an example, someone recently used a weakness in DNS to redirect requests from www.internic.net to www.alternic.net.
A reverse lookup of an IP address is required to determine whether it is part of the DNS domain or not. Your firewall must therefore be able to resolve names to IP addresses and IP addresses back to names, so double-check the DNS settings on your firewall. Also, since an IP address can only reverse-resolve to one name, make sure the IP address in question reverse-resolves as you expect. For example, the name foo.dyn.ml.org may resolve to the IP 192.186.29.42, but 192.186.29.42 may reverse-resolve to host.bar.com, so that host would match a domain object for bar.com and not one for dyn.ml.org.
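The following is an added example, not code from the original TechTip or from any firewall product: it models the reverse-lookup match a domain object performs and reproduces the foo.dyn.ml.org / host.bar.com mismatch described above using a constructed lookup table, so it runs offline. It goes one step beyond the page by also checking whether the name returned by the reverse lookup resolves forward to the same address (a forward-confirmed reverse lookup), which is the sanity check an administrator would want before trusting a domain object. The `live_*` adapters use the standard `socket` module and are provided so the same check can be run against a real resolver; the sample records and the function names are assumptions made for this example.

```python
import socket
from typing import Callable, Dict, List, Optional

# Constructed sample records (not real DNS data) reproducing the TechTip's
# scenario: foo.dyn.ml.org resolves to 192.186.29.42, but that address
# reverse-resolves to host.bar.com.
SAMPLE_FORWARD: Dict[str, List[str]] = {
    "foo.dyn.ml.org": ["192.186.29.42"],
    "host.bar.com": ["192.186.29.42"],
    "www.example.com": ["192.0.2.10"],
    "stale.example.com": ["192.0.2.99"],  # PTR exists, but forward no longer matches
}
SAMPLE_REVERSE: Dict[str, str] = {
    "192.186.29.42": "host.bar.com",
    "192.0.2.10": "www.example.com",
    "192.0.2.20": "stale.example.com",
}


def table_reverse(ip: str) -> Optional[str]:
    """Reverse (PTR) lookup against the constructed table."""
    return SAMPLE_REVERSE.get(ip)


def table_forward(name: str) -> List[str]:
    """Forward (A) lookup against the constructed table."""
    return SAMPLE_FORWARD.get(name, [])


def live_reverse(ip: str) -> Optional[str]:
    """Reverse lookup via the system resolver (hypothetical adapter for real use)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / gaierror both subclass OSError
        return None


def live_forward(name: str) -> List[str]:
    """Forward IPv4 lookup via the system resolver (hypothetical adapter for real use)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)]
    except OSError:
        return []


def in_domain(ip: str, domain: str,
              reverse: Callable[[str], Optional[str]] = table_reverse,
              forward: Callable[[str], List[str]] = table_forward) -> dict:
    """Decide whether `ip` matches a domain object `domain` the way a
    reverse-lookup based match does, and report whether that reverse
    answer is forward-confirmed (the PTR name resolves back to `ip`)."""
    domain = domain.lower().strip(".")
    name = reverse(ip)
    if name is None:
        return {"match": False, "name": None, "confirmed": False,
                "reason": "no reverse record for %s" % ip}
    name = name.lower().rstrip(".")
    match = name == domain or name.endswith("." + domain)
    confirmed = ip in forward(name)
    reason = "%s reverse-resolves to %s" % (ip, name)
    if not confirmed:
        reason += " (NOT forward-confirmed: %s does not resolve back to %s)" % (name, ip)
    return {"match": match, "name": name, "confirmed": confirmed, "reason": reason}


def check_expected_reverse(name: str,
                           reverse: Callable[[str], Optional[str]] = table_reverse,
                           forward: Callable[[str], List[str]] = table_forward) -> List[str]:
    """The 'make sure it reverse-resolves as you expect' check: resolve `name`
    forward, then reverse each address and list any that come back as a
    different name. An empty list means every address points back to `name`."""
    mismatches = []
    for ip in forward(name):
        back = reverse(ip)
        if back is None or back.lower().rstrip(".") != name.lower().rstrip("."):
            mismatches.append("%s -> %s -> %s" % (name, ip, back))
    return mismatches


if __name__ == "__main__":
    print(in_domain("192.186.29.42", "bar.com"))      # matches bar.com
    print(in_domain("192.186.29.42", "dyn.ml.org"))   # does not match dyn.ml.org
    print(check_expected_reverse("foo.dyn.ml.org"))   # reports the mismatch
```

Run it as-is to see the table-driven scenario; to audit a real domain object, pass `reverse=live_reverse, forward=live_forward` to either function. A non-empty result from `check_expected_reverse` for a name you intend to cover with a domain object means the rule will not match the hosts you expect.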
If you are running on Solaris, it is advisable not to run the Name Service Caching daemon (nscd), since there are some problems with how it interacts with the security servers.
--
RobertGraham - 16 Mar 2004
FAQ Class: TroubleshootingFAQs