For my web app, I hardcode a reverse DNS detection for common web crawlers. And for detecting them I use their Reverse DNS, which I always check whether it includes i.e. google.com. My questions would be:
- Can this be a possible security flaw, because a subsubdomain could be just named `googlebot.com.malicious.bot`?
- Can the Reverse DNS be spoofed using IP spoofing?
- In case of yes to the previous question, how can I check that it was legit? Do I need to implement code to ping that IP or something?

`PTR` records exist for any IP hitting you... except that this is far from the case. Outside of email needs, `PTR` records are mostly useless and hence not used. You cannot expect any given IP address (v4 or v6) to have any kind of `PTR` records. Alternatively, good search engines do provide lists of IP addresses from where they come, and also have a proper `User-Agent` field that you can match.

`User-Agent` can be easily spoofed

`PTR` records, first if you don't have DNSSEC, second as Steffen said the owner of it can point to `google.com` as it wants...
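
An added example, not code from anyone in this thread: it puts the substring check from the question beside a label-boundary suffix check combined with a forward lookup of the returned name, so a `PTR` record set by the address owner is not trusted on its own. The suffix allow-list, the function names and the sample records are assumptions made for illustration.

```python
import socket

# Assumed allow-list of crawler parent domains; adjust to the crawlers you accept.
TRUSTED_SUFFIXES = ("googlebot.com", "google.com")

def naive_is_crawler(ptr_name):
    # The check described in the question: substring match anywhere in the name.
    return any(s in ptr_name.lower() for s in TRUSTED_SUFFIXES)

def suffix_ok(ptr_name):
    # Match whole DNS labels at the right-hand end of the name only.
    name = ptr_name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in TRUSTED_SUFFIXES)

def system_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None  # many addresses have no PTR record at all

def system_forward(name):
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verify_crawler(ip, reverse=system_reverse, forward=system_forward):
    ptr = reverse(ip)
    if ptr is None or not suffix_ok(ptr):
        return False
    # The PTR zone is controlled by whoever holds the IP block, so the name
    # only counts if the forward zone maps it back to the same address.
    return ip in forward(ptr)

# Constructed sample records (documentation address ranges), not live DNS data.
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",  # forward record matches
    "198.51.100.7": "googlebot.com.malicious.bot",   # name from the question
    "203.0.113.5": "crawl-1.googlebot.com",          # PTR set by the IP owner
}
SAMPLE_A = {
    "crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
    "crawl-1.googlebot.com": {"192.0.2.99"},
}

def check_sample(ip):
    # Runs the same logic against the constructed records above.
    return verify_crawler(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))
```

Both lookups are only as trustworthy as the resolver path, so this does not cover the DNSSEC concern raised in the comments.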