Opinion: Should web clients be required to have DNS PTR records?

Giganews Newsgroups
Subject: Opinion: Should web clients be required to have DNS PTR records?
Posted by:  D. Stussy (spam+newsgroups@bde-arc.ampr.org)
Date: Fri, 29 Jul 2011

I've noted alot of activity coming from IP addresses that don't have PTR
records in DNS which appear to be potentially malicious in nature.
Conversely, I've noted that the majority (but not all) requests which
appear to be user requests do have valid (yet generic) DNS hostnames, and
similarly with the well-known web robots and spiders.  Therefore, I am
considering the denial of requests where the client IP has no [reverse]
hostname.

Implementing the check is easy (e.g. for Apache):

    RewriteCond %{REMOTE_ADDR}#%{REMOTE_HOST}  ^([^#]*)#\1$    [NC]
    RewriteRule .  -  [E=noptr:1]

....Where environment variable "noptr" is set to 1 when the PTR record is
missing (i.e. remote host name is the same as the remote address,
indicating no name available), and left undefined a name exists.

With e-mail, the equivalent policy has been popular for some time as a
spam-cutting measure.  However, my question for the group is for opinions
regarding this proposed policy.  Comments?

Replies