
nanog mailing list archives

From: "Christopher A. Woodfield" <rekoil () semihuman com>
Date: Mon, 14 May 2001 11:46:05 -0400

Reverse DNS by itself is insufficient for authentication, but 
enforcing matching forward and reverse DNS entries is much more reliable 
(no substitute for secret-based or cert-based authentication, but a good 
"front door" for something like tcp wrappers). At last check, tcpd and sshd 
can both be configured to block connections without matching forward/reverse 


On Mon, May 14, 2001 at 12:42:54AM -0700, Roeland Meyer wrote:

From: Adam McKenna [mailto:adam () flounder net]
Sent: Sunday, May 13, 2001 10:06 PM

Oracle (try and build a DB without reverse working right. Net8 stops you
dead in your tracks).

Sorry, but this is just 100% wrong.  I've set up Oracle on many boxes and
you don't need any DNS at all to set up an Oracle DB.  In fact, I tell our
DBAs to use IP addresses in their TNSNAMES.ORA files because I don't want
the DB depending on DNS.

Let's see, I don't want to make my DBs dependent on DNS, so I use IP addrs.
Yet, I can't depend on IP addrs because my upstream might have to be
changed... damn, I shouldn't have depended on my scumbag DSL upstream, eh?
Gee, maybe I should have had a names based system after all? Either way, I
wind up having to rebuild Oracle boxen and application servers, every time
somebody farts. Just what in blue hell are we supposed to do?

BTW, the last I checked SSL certs are usually names based. Pretty slack
security, eh?

This is right on up there with: 
1) You idiot DSL monkey, you deserve your Inet death because you didn't
2) No, you can't advertise less than a /20.
3) No, you don't deserve larger than a /32.
4) Yes, we know that makes multi-homing impossible for those that need it
the most.
5) No, we don't care, you idiot DSL monkeys deserve Inet death.

Yeah, the message you send out is real clear.
... and one wonders why the Internet has an implosion problem...

Internet implosion at 10:00 ... special web report, at 11:00.

Christopher A. Woodfield                rekoil () semihuman com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
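
The matching forward/reverse check described at the top of the message above, as an added example that is not part of the original post or of tcpd/sshd: a client address is accepted only if a name from its PTR data resolves back to that same address. The function names and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup: hostnames the PTR data claims for this address."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # herror/gaierror: no PTR or resolver failure
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward lookup: every A/AAAA address the name resolves to."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def confirmed_name(ip, reverse=ptr_names, forward=forward_addrs):
    """Return a hostname whose forward records include ip, else None."""
    client = ipaddress.ip_address(ip)
    for name in reverse(ip):
        name = name.rstrip(".").lower()
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings (IPv6 has many spellings).
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return name
            except ValueError:
                continue  # resolver returned something that is not an address
    return None  # no PTR, or the PTR's name does not point back: refuse

# Constructed sample zone data (documentation ranges), so the check runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["db1.example.com."],   # matching forward/reverse pair
    "192.0.2.66": ["db1.example.com."],   # PTR claims a name that does not point back
    "2001:db8::1": ["app.example.com"],
}
SAMPLE_FWD = {
    "db1.example.com": ["192.0.2.10"],
    "app.example.com": ["2001:DB8:0:0:0:0:0:1"],
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "2001:db8::1"):
        print(ip, "->", confirmed_name(ip, sample_reverse, sample_forward))
```

Called without the `reverse` and `forward` arguments, `confirmed_name` uses the system resolver, so its answer is only as trustworthy as the DNS path it queries.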
