From owner-freebsd-security Fri May 4 9:18: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from prox.centtech.com (moat2.centtech.com [206.196.95.21]) by hub.freebsd.org (Postfix) with ESMTP id 4B8D937B422 for ; Fri, 4 May 2001 09:18:01 -0700 (PDT) (envelope-from anderson@centtech.com) Received: (from smap@localhost) by prox.centtech.com (8.9.3+Sun/8.9.3) id IAA13802; Fri, 4 May 2001 08:17:11 -0500 (CDT) Received: from shiva.centtech.com(10.177.173.77) by prox via smap (V2.1+anti-relay+anti-spam) id xma013798; Fri, 4 May 01 08:17:00 -0500 Message-ID: <3AF2ABCC.B5776288@centtech.com> Date: Fri, 04 May 2001 08:17:00 -0500 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en MIME-Version: 1.0 To: Andrew Barros Cc: "lists@mail.ru" , freebsd-security@freebsd.org Subject: Re: reverse or not References: <5.0.2.1.2.20010503145244.00a12e50@nol.co.za> <20010503170027.B9233@tjhsst.edu> <3AF1DC23.32BB39B3@globalstar.com> <3AF23077.55DEA3D8@mail.ru> <20010504084039.G9233@tjhsst.edu> <20010504155725.Q13382@ringworld.oblivion.bg> <20010504090432.H9233@tjhsst.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think if you have (in your /etc/host.conf) bind listed before hosts (meaning it will ask the dns server before looking at the hosts file), it would delay if the dns server doesn't have a reverse entry for 127.0.0.1, which would take a long time.. But it still doesn't sound right.. I had some similar problems with ssh, and patched it, which fixed the (similar) problem for me.. Eric Andrew Barros wrote: > > Yes, ns1.tjhsst.edu is on the same ethernet segment as the box. > > 127.0.0.1 is in /etc/hosts > > -ajb > On Fri, May 04, 2001 at 03:57:25PM +0300, Peter Pentchev wrote: > ->On Fri, May 04, 2001 at 08:40:39AM -0400, Andrew Barros wrote: > ->> > ->> There are two things that I'm sure of > ->> > ->> 1) The boxes have correct reverse DNS > ->> > ->> 2) They use ns1.tjhsst.edu as their nameserver(a different box) > ->> which has the correct reverse DNS > ->> > ->> The problem is that while these things are true, and out T1 is up > ->> it works normally. When the T1 goes out, it takes a _long_ time. Telnet > ->> ,however, is unaffected by this. > -> > ->When you say 'correct reverse DNS', you do mean 127.0.0.1 too, right? > ->And (a stupid question, but one that needs asking nevertheless) ns1.tjhsst.edu > ->is reachable when your T1 goes down, right? > -> > ->G'luck, > ->Peter > -> > ->-- > ->If there were no counterfactuals, this sentence would not have been paradoxical. > ---end quoted text--- > > -- > Andrew Barros > PGP Key Fingerprint: > D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8 > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 The idea is to die young as late as possible. ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message