
Re: (long) tcpd compilation options and forced reverse lookup



On Jun 13, 11:18pm, James Bromberger wrote:
> To counter your argument, sometimes you don't want DNS at all on your

I didn't say it's the best thing to do everywhere :^)

> servers. That way there are no external dependencies that can be hijacked.

Right.

> If you are relying on domain names outside of your control, then you have
> relatively weak security. Any name -> address mappings can be done
> exclusively in /etc/hosts; resolving then becomes much quicker: either

That's true, as long as you don't have to change it every now and then, when
it becomes a PITA (yes, you shouldn't have to change it too often, unless you
have a mess in your network, but that's a minor detail).

> By installed, I mean, the server itself is using the DNS (look at
> /etc/hosts.conf: hosts, bind, or just hosts). Running a DNS server for
> other clients to use is a separate matter. Proxy, Mail, servers need DNS.

Right.

> Web servers, IMAP servers, FTP servers, etc, do not really need it.

Unless you want to have domain names (and not IPs) in logfiles.
Yes, I know this is discouraged.

      Pawel

-- 
 (___)  | Pawel Wiecek ------------------- <coven@vmh.net> <+48603240006> |
< o o > | WWW: http://www.coven.vmh.net/   [ Debian GNU/Linux developer ] |
 \ ^ /  |   GPG/PGP key:  http://www.coven.vmh.net/personal/pgpkey.html   |
  (")   |  To err is human -- to blame it on a computer is even more so.  |


