
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

>>>>> "Wichert" == Wichert Akkerman <wichert@cistron.nl> writes:

    Wichert> Previously Alan Shutko wrote:
    >> What security does this give you, seriously?

    Wichert> Better audit trail.

Assuming again that DNS is not spoofed.  Logging both the IP and DNS
will get you just as good of an audit trail without screwing your
users.

    Wichert> Someone should clobber them with some RFCs then.

No RFC requires that I even register my machines with DNS.  I suspect
that no RFC does more than recommend that I register in-addr.arpa if I
register forward DNS.  I would certainly be shocked to find such a
requirement in a standards-track RFC.
