
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



Quoting Andrew Pimlott (andrew@pimlott.ne.mediaone.net):
> PARANOID is there for people who want to do DNS hostname based
> authentication and have it be slightly less broken.  That's it.  Can
> anyone else document a real case in which denying based on PARANOID
> helped?
There is no such thing as DNS hostname based authentication.
Can you give an example where you would want to allow access from an
inconsistently configured machine that is run by someone who doesn't know
how to configure DNS?
The PARANOID setting helps in 'pushing' people to do correct DNS
configuration; it helps auditing, and it keeps your (and others') networks in a
consistent and (DNS-wise) correctly configured state.
If removing the 'ALL: PARANOID' line fixes things for you, or makes life
easier for you, you should look into configuring your servers first, before
requesting a workstation install that allows for access by broken
machines.
Machines with broken DNS should not be allowed to connect anyway, but should
be fixed; in the remote possibility that you do want to allow
access from broken machines, the admin can alter /etc/hosts.deny.

Greets,
	Robert

-- 
			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
      Just put me in a corner, with my head to the wall :) -- marijnv
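For readers unfamiliar with what the 'ALL: PARANOID' line actually does: tcp_wrappers labels a client "paranoid" when the name returned by the reverse lookup of its address does not resolve forward to that same address, and the PARANOID wildcard in hosts.allow/hosts.deny matches exactly those clients (hosts_access(5)). The script below is an added illustration of that check and of the allow/deny evaluation order, written for this page and not taken from tcp_wrappers or from the list; the DNS table in it is constructed so it runs offline, the addresses are from the 192.0.2.0/24 documentation range, and the EXCEPT operator and daemon@host forms are deliberately omitted.

```python
"""Offline model of tcp_wrappers' PARANOID check and of an
``ALL: PARANOID`` line in /etc/hosts.deny.  Added illustration, not the
tcp_wrappers source; the DNS table is constructed so no network is needed."""
import ipaddress

# Constructed DNS data (192.0.2.0/24 is the documentation range).
PTR = {                                     # reverse lookups: address -> name
    "192.0.2.10": "good.example.net",       # consistent both ways
    "192.0.2.20": "lies.example.net",       # name resolves to another address
    "192.0.2.40": "dangling.example.net",   # name has no forward record
}                                           # 192.0.2.30 has no PTR at all
A = {                                       # forward lookups: name -> addresses
    "good.example.net": ["192.0.2.10"],
    "lies.example.net": ["198.51.100.5"],
}


def client_name(addr, ptr=PTR, a=A):
    """Name tcp_wrappers attaches to a connection: the verified hostname,
    "unknown" when there is no reverse mapping, or "paranoid" when the
    reverse name does not resolve back to the connecting address."""
    name = ptr.get(addr)
    if name is None:
        return "unknown"
    if addr not in a.get(name, []):
        return "paranoid"
    return name.lower()


def client_matches(token, addr, name):
    """One client_list token in the hosts_access(5) spirit (EXCEPT omitted)."""
    token = token.strip()
    if token == "ALL":
        return True
    if token == "PARANOID":
        return name == "paranoid"
    if token == "UNKNOWN":
        return name == "unknown"
    if token == "KNOWN":
        return name not in ("unknown", "paranoid")
    if token.startswith("."):               # domain suffix, e.g. .example.net
        return name.endswith(token.lower())
    if token.endswith("."):                 # address prefix, e.g. 192.0.2.
        return addr.startswith(token)
    if "/" in token:                        # net/mask, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(token, strict=False)
    return token.lower() == name or token == addr


def daemon_matches(token, daemon):
    token = token.strip()
    return token == "ALL" or token == daemon


def parse_rules(text):
    """Yield (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        yield fields[0], fields[1]          # an optional shell_command field is ignored


def rule_matches(daemons, clients, daemon, addr, name):
    return (any(daemon_matches(t, daemon) for t in daemons.split(","))
            and any(client_matches(t, addr, name) for t in clients.split(",")))


def access_allowed(daemon, addr, allow_text, deny_text, ptr=PTR, a=A):
    """hosts_access(5) order: first match in hosts.allow grants, then first
    match in hosts.deny refuses, otherwise the connection is allowed."""
    name = client_name(addr, ptr, a)
    for daemons, clients in parse_rules(allow_text):
        if rule_matches(daemons, clients, daemon, addr, name):
            return True
    for daemons, clients in parse_rules(deny_text):
        if rule_matches(daemons, clients, daemon, addr, name):
            return False
    return True


if __name__ == "__main__":
    hosts_allow = "sshd: .example.net\n"
    hosts_deny = "ALL: PARANOID   # the default line under discussion\n"
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        verdict = "allow" if access_allowed("sshd", addr, hosts_allow, hosts_deny) else "deny"
        print(f"{addr:12} name={client_name(addr):20} sshd -> {verdict}")
```

Note that a host with no reverse record at all is "unknown", not "paranoid": 'ALL: PARANOID' alone lets it through, so an admin who wants to refuse both cases needs 'ALL: PARANOID, UNKNOWN' (or the stricter allow-list style shown in hosts_allow above).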