Re: (long) tcpd compilation options and forced reverse lookup
On Jun 13, 11:18pm, James Bromberger wrote:
> To counter your argument, sometimes you don't want DNS at all on your
I didn't say it's the best thing to do everywhere :^)
> servers. That way there are no external dependencies that can be hijacked.
Right.
> If you are relying on domain names outside of your control, then you have
> relatively weak security. Any name -> address mappings can be done
> exclusively in /etc/hosts; resolving then becomes much quicker: either
That's true, as long as you don't have to change it every now and then, when
it becomes a PITA (yes, you shouldn't have to change it too often, unless you
have a mess in your network, but that's a minor detail).
> By installed, I mean, the server itself is using the DNS (look at
> /etc/hosts.conf: hosts, bind, or just hosts). Running a DNS server for
> other clients to use is a separate matter. Proxy, Mail, servers need DNS.
Right.
> Web servers, IMAP servers, FTP servers, etc, do not really need it.
Unless you want to have domain names (and not IPs) in logfiles.
Yes, I know this is discouraged.
Pawel
--
(___) | Pawel Wiecek ------------------- <coven@vmh.net> <+48603240006> |
< o o > | WWW: http://www.coven.vmh.net/ [ Debian GNU/Linux developer ] |
\ ^ / | GPG/PGP key: http://www.coven.vmh.net/personal/pgpkey.html |
(") | To err is human -- to blame it on a computer is even more so. |