North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
Reverse DNS by itself is insufficient for authentication, but enforcing matching forward and reverse DNS entries is much more reliable (no substitute for secret-based or cert-based authentication, but a good "front door" for something like tcp wrappers). at last check, tcpd and sshd can both be configured to block connections without matching forward/reverse records. -C On Mon, May 14, 2001 at 12:42:54AM -0700, Roeland Meyer wrote: > > > From: Adam McKenna [mailto:[email protected]] > > Sent: Sunday, May 13, 2001 10:06 PM > > > > Oracle (try and build a DB without reverse working right. > > Net8 stops you > > > dead in your tracks). > > > > Sorry, but this is just 100% wrong. I've set up Oracle on > > many boxes and you > > don't need any DNS at all to set up an oracle DB. In fact, I > > tell our DBA's > > to use IP addresses in their TNSNAMES.ORA files because I > > don't want the DB > > depending on DNS. > > Let's see, I don't want to make my DBs dependent on DNS, so I use IP addrs. > Yet, I can't depend on IP addrs because my upstream might have to be > changed... damn, I shouldn't have depended on my scumbag DSL upstream, eh? > Gee, maybe I should have had a names based system after all? Either way, I > wind up having to rebuild Oracle boxen and application servers, every time > somebody farts. Just what in blue hell are we supposed to do? > > BTW, the last I checked SSL certs are usually names based. Pretty slack > security, eh? > > This is right on up there with: > > 1) You idiot DSL monkey, you deserve your Inet death because you didn't > multi-home. > 2) No, you can't advertise less than a /20. > 3) No, you don't deserve larger than a /32. > 4) Yes, we know that makes multi-homing impossible for those that need it > the most. > 5) No, we don't care, you idiot DSL monkeys deserve Inet death. > > Yeah, the message you send out is real clear. > ... and one wonders why the Internet has an implosion problem... > > -- > Internet implosion at 10:00 ... special web report, at 11:00. > > -- --------------------------- Christopher A. Woodfield [email protected] PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
|