To: anderson@centtech.com
Cc: Andrew Barros, "lists@mail.ru", freebsd-security@freebsd.org
Subject: Re: reverse or not
In-reply-to: Your message of "Fri, 04 May 2001 08:17:00 EST." <3AF2ABCC.B5776288@centtech.com>
Date: Sat, 05 May 2001 10:44:50 +0200
Message-ID: <65662.989052290@axl.fw.uunet.co.za>
From: Sheldon Hearn

On Fri, 04 May 2001 08:17:00 EST, Eric Anderson wrote:

> I think if you have (in your /etc/host.conf) bind listed before hosts
> (meaning it will ask the dns server before looking at the hosts file),
> it would delay if the dns server doesn't have a reverse entry for
> 127.0.0.1

[...]

From a security perspective, I'm pretty sure that hosts should NEVER
rely on any external source for resolution on the loopback network.

Ciao,
Sheldon.
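
An added example, not part of the original message or of FreeBSD: a small audit of the lookup order and loopback entries the thread discusses. It assumes the one-service-per-line /etc/host.conf format with the `hosts` and `bind` keywords named in the quoted text; the function names and sample file contents are constructed for illustration.

```python
import ipaddress

def lookup_order(host_conf_text):
    """Services in the order host.conf lists them (one per line, # comments)."""
    lines = (l.split("#", 1)[0].strip().lower() for l in host_conf_text.splitlines())
    return [l for l in lines if l]

def hosts_map(hosts_text):
    """Map each name in the hosts file to its address; the first entry wins."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name.lower(), fields[0])
    return names

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(host_conf_text, hosts_text):
    """Return findings; an empty list means loopback names resolve locally."""
    findings = []
    order = lookup_order(host_conf_text)
    if "hosts" not in order:
        findings.append("hosts file is never consulted")
    elif order[0] != "hosts":
        earlier = ", ".join(order[:order.index("hosts")])
        findings.append(f"external source(s) asked before hosts file: {earlier}")
    names = hosts_map(hosts_text)
    if "localhost" not in names:
        findings.append("no localhost entry in hosts file")
    elif not is_loopback(names["localhost"]):
        findings.append(f"localhost maps to non-loopback {names['localhost']}")
    if "127.0.0.1" not in names.values():
        findings.append("no 127.0.0.1 entry for reverse lookup in hosts file")
    return findings

# Constructed sample files, not taken from any real host.
BAD_CONF = "# ask DNS first\nbind\nhosts\n"
GOOD_CONF = "# local file first\nhosts\nbind\n"
HOSTS_OK = "127.0.0.1 localhost localhost.example.org\n"
HOSTS_BAD = "192.0.2.10 localhost gateway\n"

if __name__ == "__main__":
    for conf, hosts in [(GOOD_CONF, HOSTS_OK), (BAD_CONF, HOSTS_OK), (GOOD_CONF, HOSTS_BAD)]:
        print(audit(conf, hosts) or "ok")
```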