RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Frank Rizzo [mailto:rizzo@drunkagain.org] Sent: Sunday, May 13, 2001 3:09 PM
On Sun, May 13, 2001 at 02:20:28PM -0700, Roeland Meyer wrote:
I've had a similar problem at SpeakEasy. They still don't have a reverse-DNS clue.
http://www.mhsc.com/recovery.htm
None of the DSL ISPs can do larger than /27 anymore, even when they're ILECs. Anything less than a /24 can't be SWIP'd and if you don't control your in-addr.arpa entries you don't control your domain and have no security.
wow, relying on dns for security is pretty freaking ignorant, and so are you apparently. that's okay, i'll shut up now because i'll be busy playing with my reverse dns to get your hosts to trust me!
Gee, I wish you knew what you were talking about. Basic security starts with reverse, see tcp_wrappers, SSH, Oracle (try and build a DB without reverse working right. Net8 stops you dead in your tracks). Half of my ACLs don't work right because reverse isn't correct.
ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.
Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa. ERROR: Garbage option.
On Sun, May 13, 2001 at 06:04:12PM -0700, Roeland Meyer wrote:
Gee, I wish you knew what you were talking about. Basic security starts with reverse, see tcp_wrappers
tcp_wrappers is joke security. Anyone using TCP wrappers and hostname-based rules is braindead.
SSH
SSH does not require reverse DNS to operate properly.
Oracle (try and build a DB without reverse working right. Net8 stops you dead in your tracks).
Sorry, but this is just 100% wrong. I've set up Oracle on many boxes and you don't need any DNS at all to set up an Oracle DB. In fact, I tell our DBAs to use IP addresses in their TNSNAMES.ORA files because I don't want the DB depending on DNS.
Half of my ACLs don't work right because reverse isn't correct.
Too bad for you. Maybe you should get better ACLs.
ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.
Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa. ERROR: Garbage option.
Heh. --Adam
Sorry, but this is just 100% wrong. I've set up Oracle on many boxes and you don't need any DNS at all to set up an Oracle DB. In fact, I tell our DBAs to use IP addresses in their TNSNAMES.ORA files because I don't want the DB depending on DNS.
--Adam
So... you'd rather type in the address 3ffe:801:bbc4:873d:2d0:b7ff:fee8:c4d9 than the name fedb.example.com? More power to you. --bill
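Added example, not part of the thread or any poster's code: the disagreement above turns on whether a hostname taken from reverse DNS can be trusted, so this Python block compares a hostname ACL that accepts the PTR answer as given with one that requires forward-confirmed reverse DNS, and also builds the classless in-addr.arpa zone name in the form quoted in the thread (the RFC 2317 convention). All DNS data, host names and function names here are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), so this runs offline.
# PTR answers come from whoever runs the in-addr.arpa zone for the address;
# A answers come from whoever runs the forward zone.
PTR = {
    "192.0.2.10": ["db1.example.com"],     # real host, matching forward record
    "198.51.100.7": ["db1.example.com"],   # PTR published by an unrelated party
    "192.0.2.20": [],                      # reverse entry never filled in
}
A = {"db1.example.com": ["192.0.2.10"]}


def ptr_only_allows(ip, suffix):
    """Hostname ACL that believes the PTR answer as given."""
    return any(name.endswith(suffix) for name in PTR.get(ip, []))


def confirmed_names(ip):
    """PTR names whose forward lookup lists the same address (FCrDNS)."""
    return [name for name in PTR.get(ip, []) if ip in A.get(name, [])]


def fcrdns_allows(ip, suffix):
    """Hostname ACL that only accepts forward-confirmed names."""
    return any(name.endswith(suffix) for name in confirmed_names(ip))


def classless_reverse_zone(cidr):
    """RFC 2317-style zone name for an IPv4 block smaller than a /24."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen <= 24:
        raise ValueError("classless delegation applies to prefixes longer than /24")
    a, b, c, d = str(net.network_address).split(".")
    return f"{d}/{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa."


if __name__ == "__main__":
    for ip in PTR:
        print(ip, "ptr-only:", ptr_only_allows(ip, ".example.com"),
              "fcrdns:", fcrdns_allows(ip, ".example.com"))
    print(classless_reverse_zone("192.168.0.32/27"))
```

The second address passes the PTR-only rule but fails the forward-confirmed one, and the third fails both, which is the "ACLs don't work because reverse isn't correct" case.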
participants (3): Adam McKenna, bmanning@vacation.karoshi.com, Roeland Meyer