Do you mean a reverse lookup on the IP and then a forward lookup on the resulting hostname? We could probably provide more information if you gave us more. What site/app? In certain [niche] situations (i.e. web apps that are not necessarily designed for broad public Internet use), it might be useful as a security control.
I am struggling to come up with a strong use case though. I think the main requirement for this to be [marginally] useful is DNS control over the domain you're wanting to allow access from. Let's say you have an arrangement with an ISP to provide "home office" Internet access to employees across the country/globe. You don't want to concern yourself with the network addressing used by the ISP. Your requirement could be simply that the ISP set up all home office IP addresses to have matching PTR and A records, and that all A records point to the same particular domain. So, when you get a connection you do a PTR lookup. The resulting hostname must be part of said particular domain and then you do an A record lookup on that hostname. The IP address must match.
Seems like a lot of work for not a lot of gain though, and it certainly is not a substitute for real authentication/authorization.
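The PTR-then-A check described in the post above, as an added Python example that is not part of the original thread. The function name, the `homeoffice.example` domain, the sample tables and the documentation-range addresses are constructed for illustration; the resolvers are injectable so the logic runs offline.

```python
import ipaddress
import socket

def _ptr(ip):
    """Reverse lookup: hostnames named by the PTR record(s) for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def _forward(host):
    """Forward lookup: every address the hostname resolves to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def fcrdns_allowed(client_ip, allowed_domain, ptr=_ptr, forward=_forward):
    """True only if PTR(ip) is inside allowed_domain AND A(PTR(ip)) == ip."""
    ip = ipaddress.ip_address(client_ip)
    suffix = "." + allowed_domain.lower().strip(".")
    for name in ptr(client_ip):
        host = name.lower().rstrip(".")
        # Match on a label boundary; a bare substring test would accept
        # names that merely contain the domain.
        if not host.endswith(suffix):
            continue
        # The PTR answer is asserted by whoever runs the reverse zone, so it
        # is only trusted once the forward zone we rely on agrees with it.
        for addr in forward(host):
            try:
                if ipaddress.ip_address(addr) == ip:
                    return True
            except ValueError:
                continue
    return False

# Constructed sample DNS data (not from the thread).
SAMPLE_PTR = {
    "192.0.2.10": ["user1.homeoffice.example."],
    "198.51.100.7": ["user1.homeoffice.example."],   # PTR claims the name
    "203.0.113.5": ["vpn.homeoffice.example.other.example."],
}
SAMPLE_A = {"user1.homeoffice.example": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(host):
    return SAMPLE_A.get(host, [])
```

With the default resolvers the same function performs live lookups through the system resolver, so its answer is only as trustworthy as that resolver path.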
It is a lot of work and it seems that the administrators of this site are using this as a substitute for real authentication/authorization. The site is indeed designed for only the employees and/or members of the organization via the internet. The only way users can access the site is if the IP addresses of their machines have both an A and a PTR record that point back to those same IP addresses. This is marginally beneficial from a security standpoint, as those IP addresses can be easily spoofed, at which point the A and PTR records will serve no use from a security standpoint.
Unless you are "in the path", I believe that IP address spoofing for the purpose of hijacking a TCP session is non-trivial on a modern OS with good random sequencing. Throw TLS into the mix and session hijacking is even harder.
Depending on the application (e.g. low risk), it might be a risk appropriate control.
Agreed. Also the site requires the client machine to accept a certificate and then uses https after it verifies that the client IP addresses have corresponding A and PTR records. After which the users are required to use username and passwords.