From owner-freebsd-security Mon May 7 11: 2:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bsdconspiracy.net (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP id 77B8D37B422
	for ; Mon, 7 May 2001 11:02:29 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from wes by bsdconspiracy.net with local (Exim 3.14 #1)
	id 14wpKH-0002sJ-00; Mon, 07 May 2001 12:01:41 -0600
Subject: Re: reverse or not
In-Reply-To: <98864.989254731@axl.fw.uunet.co.za> from Sheldon Hearn at "May 7, 2001 06:58:51 pm"
To: Sheldon Hearn
Date: Mon, 7 May 2001 12:01:41 -0600 (MDT)
Cc: Crist Clark , anderson@centtech.com, Andrew Barros , "lists@mail.ru" , freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL66 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:
From: Wes Peters
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sheldon Hearn scribed:
>
> On Mon, 07 May 2001 09:54:36 MST, "Crist Clark" wrote:
>
> > > From a security perspective, I'm pretty sure that hosts should NEVER
> > > rely on any external source for resolution on the loopback network.
> >
> > So everyone MUST run a DNS server on localhost? That does not sound too
> > secure either.
>
> That's not what I'm suggesting. People were talking about /etc/hosts vs
> DNS. I'm saying that
>
> 1) DNS servers shouldn't answer questions about the loopback
>    network.
>
> 2) Hosts should have hostnames for the loopback network
>    hardwired into /etc/hosts.

3) /etc/host.conf should always have hosts listed before bind, to be sure
   that you get your local definitions *first*.

--
Sorry, no .sig at this moment.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
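
An added example, not part of the original message or of FreeBSD: a small audit of points 2 and 3 above, run over the text of /etc/host.conf and /etc/hosts. It assumes the one-keyword-per-line host.conf format (`hosts`, `bind`) and that `localhost` on 127.0.0.1 is the name to hardwire; the function names and sample file contents are constructed for illustration.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def lookup_order(host_conf_text):
    """Sources in the order listed, one keyword per line, comments ignored."""
    stripped = (line.split("#", 1)[0].strip() for line in host_conf_text.splitlines())
    return [word for word in stripped if word]

def loopback_names(hosts_text):
    """Map each 127/8 address in hosts-file text to the names bound to it."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line; skip it
        if addr.version == 4 and addr in LOOPBACK_NET:
            names.setdefault(str(addr), []).extend(fields[1:])
    return names

def audit(host_conf_text, hosts_text):
    """Return findings for points 2 and 3 of the message; empty means OK."""
    findings = []
    order = lookup_order(host_conf_text)
    if "hosts" not in order:
        findings.append("host.conf: hosts is not listed")
    elif "bind" in order and order.index("bind") < order.index("hosts"):
        findings.append("host.conf: bind is consulted before hosts")
    # Assumption: "localhost" on 127.0.0.1 is the name that must be hardwired.
    if "localhost" not in loopback_names(hosts_text).get("127.0.0.1", []):
        findings.append("hosts: no localhost entry for 127.0.0.1")
    return findings

# Constructed sample file contents (not taken from any real host).
GOOD_HOST_CONF = "# First try the /etc/hosts file\nhosts\n# Then the nameserver\nbind\n"
BAD_HOST_CONF = "bind\nhosts\n"
SAMPLE_HOSTS = "127.0.0.1\tlocalhost localhost.example.org\n192.0.2.10\twww.example.org www\n"

if __name__ == "__main__":
    for label, conf in (("good", GOOD_HOST_CONF), ("bad", BAD_HOST_CONF)):
        print(label, audit(conf, SAMPLE_HOSTS) or "OK")
```

To check a live host, pass the contents of the two files to `audit()`; point 1 (what the DNS server answers for the loopback network) is outside what this checks.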