[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging on to debian machines

>>>>> "Hamish" == Hamish Moffatt <hamish@debian.org> writes:

    Hamish> On Wed, Jan 31, 2001 at 05:56:35AM -0500, Sam Hartman
    Hamish> wrote:
    >> >>>>> "Marco" == Marco d'Itri <md@Linux.IT> writes:
    Marco> On Jan 18, Paul Hedderly <paul@mjr.org> wrote:
    >> >> Anyone got a cluestick I can hit myself with?
    Marco> Broken DNS reverse mapping?
    >>  Why do we have the machines configured to care about this?

    Hamish> Because it's good practice?

Yes, you are right.  It's good practice to have machines that use
Berkeley rhosts verify DNS in both directions.  It's good practice to log both DNS and IPs.

However, DNS does not provide you any security.  Security comes for
the most part from cryptography, and once you have cryptographically
strong security, being paranoid about DNS is only inconvenient.

    Hamish> Hamish -- Hamish Moffatt VK3SB <hamish@debian.org>
    Hamish> <hamish@cloud.net.au>

    Hamish> -- To UNSUBSCRIBE, email to
    Hamish> debian-devel-request@lists.debian.org with a subject of
    Hamish> "unsubscribe". Trouble? Contact
    Hamish> listmaster@lists.debian.org

Reply to: