host & DNS
I am trying to understand how the hosts.allow and hosts.deny files work as
well as DNS.
So far, I have a nameserver, but kept getting an error:
warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname
I finally figured out that something was wrong as one of this ISP's users
complained that they couldn't send an email to my mailserver (which is the
nameserver as well).
I did a host lookup and got the following:
gomez.star.cd does not exist, try again
What would cause this to fail? When I put "ALL: 203." in the
/etc/hosts.allow file and commented out the "ALL: PARANOID" in the
/etc/hosts.deny file, it then allowed access to my mailserver.
Incidentally, I did try to dig the address and hostname and it did work
fine. I am using qmail as the mailserver, but know that it uses your DNS
to resolve hostnames instead of /etc/resolv.conf. Also, I am using xinetd
as well for mail and other services.
Is there anywhere that tells you how these files actually work and what's
the best way of making sure the system is reasonably secure without barring
out legitimate servers? For example, I tried to do the following, but it
didn't work. The man pages didn't really shed much light on this.
in the /etc/hosts.allow file:
in the /etc/hosts.deny file:
in.telnetd: ALL EXECEPT 192.168.1.
I expected that you wouldn't be able to telnet to the machine unless you
had the address 192.168.1.XXX, but I could still do it for some reason. In
the /etc/hosts.allow file, I previously had "ALL: .mydomain.com.au", and in
the /etc/hosts.deny I had "ALL:PARANOID", but this seemed to bounce
everyone in the above category, which annoyed some of our users. I thought
that the DNS server (bind) handled all these requests and that the host
files didn't matter much, until I saw what was happening.
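
A sketch of the name/address consistency check behind the PARANOID wildcard discussed in the post above, added here as an example and not part of the original post: the client address is reverse-resolved, the returned name is forward-resolved, and the client counts as "paranoid" when that forward lookup fails or does not return the same address. The function names, sample addresses and host names are constructed for illustration; this is a simplified model of the check, not the tcp_wrappers source.

```python
import socket

def dns_reverse(addr):
    """PTR lookup via the system resolver; None when there is no answer."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def dns_forward(name):
    """Address lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify_client(addr, reverse=dns_reverse, forward=dns_forward):
    """Model of the name/address consistency test behind PARANOID."""
    name = reverse(addr)
    if name is None:
        return "unknown", "no reverse (PTR) answer"
    addrs = forward(name)
    if not addrs:
        return "paranoid", f"can't verify hostname: lookup of {name} failed"
    if addr not in addrs:
        return "paranoid", f"name/address mismatch: {name} -> {addrs}"
    return "verified", name

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": "relay.example.org",
    "203.0.113.25": "mail.isp.example",
    "198.51.100.7": "host.example.net",
}
SAMPLE_A = {
    "relay.example.org": ["192.0.2.10"],
    "host.example.net": ["198.51.100.99"],
}

def sample_reverse(addr):
    return SAMPLE_PTR.get(addr)

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.25", "198.51.100.7", "198.51.100.8"):
        verdict, detail = classify_client(ip, sample_reverse, sample_forward)
        print(f"{ip:15} {verdict:9} {detail}")
```

The second sample address is the case that matches the "can't verify hostname: gethostbyname" warning: a PTR record exists, but the name it returns does not resolve from the checking host. Calling classify_client with only an address uses the system resolver, which shows what the server itself sees for a given client.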