Date: Mon, 25 Aug 1997 11:20:40 -0600
From: Warner Losh <imp@rover.village.org>
To: sthaug@nethelp.no
Cc: brian@awfulhak.org, mike@smith.net.au, freebsd-hackers@freebsd.org
Subject: Re: Broken resolver/named
Message-ID: <E0x32oi-0001Eb-00@rover.village.org>
In-Reply-To: Your message of "Sun, 24 Aug 1997 18:24:39 +0200." <28457.872439879@verdi.nethelp.no>
References: <28457.872439879@verdi.nethelp.no> <199708241154.MAA00755@awfulhak.org>
In message <28457.872439879@verdi.nethelp.no> sthaug@nethelp.no writes:
: Read RFC 1535 to see why having this search behavior as default is not
: a good idea (it's a security hole, and generates a lot of unnecessary
: traffic).

Yes. At one time BIND used to do this. If you have no domain name set for your machine, then it uses the last n-1 parts of the hostname. If you have a machine named fred.com, then your domain name is .com, and a lookup of localhost will find localhost.com, which isn't quite what you wanted, and will likely cause you to generate bogons that get caught in our packet filter :-(. It is interesting to see the number of port scanners that people are running from hosts that are misconfigured in this manner :-).

Warner
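
The search behaviour discussed in the message above, as an added example that is not part of the original e-mail and is not BIND's resolver code. It is a simplified model of the implicit search list (the derived domain plus each parent domain, tried before the name as typed); the function names and the host `host.dept.example.com` are constructed for illustration.

```python
# Simplified model (an assumption, not BIND source) of the old implicit
# search behaviour that RFC 1535 warns about.

def default_domain(hostname):
    """Domain implied when none is configured: the last n-1 labels of the hostname."""
    labels = hostname.rstrip(".").split(".")
    return ".".join(labels[1:])


def implicit_search_list(domain):
    """The derived domain followed by each of its parent domains."""
    labels = [label for label in domain.split(".") if label]
    return [".".join(labels[i:]) for i in range(len(labels))]


def candidates(name, hostname):
    """Names tried for a lookup, in order, under the old behaviour."""
    if name.endswith("."):
        # A trailing dot marks the name as fully qualified: no search is applied.
        return [name.rstrip(".")]
    tried = [f"{name}.{suffix}"
             for suffix in implicit_search_list(default_domain(hostname))]
    tried.append(name)  # the name as typed is tried last
    return tried


def risky_suffixes(hostname):
    """Single-label search suffixes (a bare TLD such as 'com').

    Any lookup that reaches one of these is answered by whoever controls
    that name under the TLD, not by the local administrator.
    """
    return [suffix
            for suffix in implicit_search_list(default_domain(hostname))
            if "." not in suffix]


if __name__ == "__main__":
    # Constructed sample hosts; fred.com is the case from the message.
    for host in ("fred.com", "host.dept.example.com"):
        print(host, "->", candidates("localhost", host),
              "risky suffixes:", risky_suffixes(host))
```

A non-empty result from `risky_suffixes` for a host is the misconfiguration described in the message: its unqualified lookups can leave the local domain.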