
REQUEST: Names instead of IP (allowed / disallowed)

Posted: 2017-10-25 20:37
by M*I*B
Hello there from Germany,

Is there a chance in the near future to use names (DDNS, MyFritz, ...) instead of IP addresses, e.g. for the IP filter?!?

Re: REQUEST: Names instead of IP (allowed / disallowed)

Posted: 2017-10-25 22:41
by botg
No, reverse DNS is too unreliable.

Re: REQUEST: Names instead of IP (allowed / disallowed)

Posted: 2017-10-31 09:58
by M*I*B
In what way? Regarding name resolution or security?

Regardless, DDNS is the only way to exclude access for everyone else when you enter the NET with changing IPs.

At the moment, the only and dangerous option is to open the server for all addresses, at minimum for all ranges of your DSL provider's IP pool. If you do not know what your next IP address will be or what IP pool it will come from, and you might still have to access it on the go, opening a wide range like a barn door is the only viable option.


The question remains, what is better now: An open barn door or an occasionally not working name resolution?!?

I think the answer is simple ... isn't it?!

Re: REQUEST: Names instead of IP (allowed / disallowed)

Posted: 2017-10-31 10:14
by botg
For controlling access, all you need is a long password.



With RDNS, everybody could claim the IP address belongs to a certain domain name. What you need is a forward-confirmed reverse DNS lookup, to make sure the hostname in turn maps back to the IP address in question.

Not only is this a quite slow operation, it can also fail. What should be done if the lookup fails?

Last but not least, it can be misused for reflection attacks and possibly amplification attacks: a bad guy connects to your server with an intentionally wrong PTR record associated with the attacker's IP, and your server (or your DNS resolver) then does requests to the actual target IP on the forward part of the resolution.
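
The forward-confirmed reverse DNS check described in the post above, as an added example that is not part of the thread or of any server's own code. The function names and the sample records are assumptions made here; failing closed on a lookup error and forward-resolving only allow-listed names are choices of this example.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns every name given for ip."""
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name, *aliases]

def system_forward(hostname):
    """A/AAAA lookup via the system resolver; returns address strings."""
    return [ai[4][0] for ai in socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)]

def fcrdns_allowed(peer_ip, allowed_names, reverse=system_reverse, forward=system_forward):
    """True only if a PTR name of peer_ip is allow-listed AND maps back to peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    allowed = {n.lower().rstrip(".") for n in allowed_names}
    try:
        ptr_names = reverse(peer_ip)
    except OSError:          # herror, gaierror and timeouts are all OSError subclasses
        return False         # reverse lookup failed: fail closed
    for name in ptr_names:
        name = name.lower().rstrip(".")
        if name not in allowed:
            continue         # never forward-resolve a name the peer chose for us
        try:
            addrs = forward(name)
        except OSError:
            return False     # forward lookup failed: fail closed
        if any(ipaddress.ip_address(a.split("%")[0]) == peer for a in addrs):
            return True      # the hostname maps back to the connecting address
    return False

# Constructed sample zone data (documentation address ranges), not real records.
PTR = {"203.0.113.7": ["home.example.net"], "198.51.100.9": ["home.example.net"]}
A = {"home.example.net": ["203.0.113.7"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return A[name]

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, fcrdns_allowed(ip, ["home.example.net"], fake_reverse, fake_forward))
```

In the sample data, 198.51.100.9 carries a PTR record claiming the allowed name, but the forward lookup of that name does not return it, so it is rejected.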