Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Wed, Apr 18, 2001 at 10:17:22PM +0200, Robert van der Meulen wrote:
> Quoting Andrew Pimlott (email@example.com):
> > PARANOID is there for people who want to do DNS hostname based
> > authentication and have it be slightly less broken. That's it. Can
> > anyone else document a real case in which denying based on PARANOID
> > helped?
> There is no such thing as DNS hostname based authentication.
> Can you give an example where you would want to allow access from an
> inconsequently configured machine, that is run by someone who doesn't know
> how to configure DNSs?
> The PARANOID setting helps in 'pushing' people to do correct DNS
> configuration, it helps auditing, it keeps your (and others') networks in a
> consequent and (DNS-wise) correctly configured state.
> If removing the 'ALL: PARANOID' line fixes things for you, or makes life
> easier for you, you should look into configuring your servers first, before
> requesting a workstation install that allows for access by broken
> Machines with broken DNS should not be allowed to connect anyway, but should
> either be fixed, and in the remote possibility that you do want to allow
> access from broken machines, the admin can alter /etc/hosts.deny.
Most of us don't have control over our DNS records, which are under control of fascist Telecommunication Megacorporations such as Telefonica.
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/