Re: Strange message in logs
Typing away merrily, Robert Ruzbacky produced the immortal words:
> Apr 9 06:47:39 ns tcp-env: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
> Apr 9 06:47:40 ns tcp-env: refused connect from 18.104.22.168
> Apr 9 06:56:54 ns tcp-env: connect from murphy.debian.org
> Apr 9 06:58:38 ns tcp-env: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
> Apr 9 06:58:38 ns tcp-env: refused connect from 22.214.171.124
> Is this because my hosts.deny file is set to ALL: PARANOID
No. Your DNS setup is broken.
% host -t ptr 126.96.36.199
% host 114.trusted.net
114.trusted.net does not exist (Authoritative answer)
You need forward DNS which matches the reverse. Otherwise, an attacker
could do something like the following ...
goodppl.example.net has 192.168.1/24
badppl.example.net have 192.168.6/24
Set reverse DNS for 192.168.6.66 to point to ours.goodppl.example.net.
Hey presto, badppl can bypass all your filters easily, and nothing you
can do about it.
Matching forward and reverse DNS is a Good Thing(tm).
HTML email - just say no --> Phil Pennock
"We've got a patent on the conquering of a country through the use of force.
We believe in world peace through extortionate license fees." -Bluemeat