From owner-freebsd-hackers@FreeBSD.ORG  Mon Sep  8 14:15:09 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7376B16A4C0
	for <freebsd-hackers@freebsd.org>;
	Mon,  8 Sep 2003 14:15:09 -0700 (PDT)
Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C9F043F75
	for <freebsd-hackers@freebsd.org>;
	Mon,  8 Sep 2003 14:15:07 -0700 (PDT)
	(envelope-from andreas@klemm.apsfilter.org)
Received: from srv1.cosmo-project.de (localhost [IPv6:::1])
	by srv1.cosmo-project.de (8.12.9/8.12.9) with ESMTP id h88LF2Qw041745
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 8 Sep 2003 23:15:02 +0200 (CEST)
	(envelope-from andreas@klemm.apsfilter.org)
Received: (from uucp@localhost)h88LF1UO041742;
	Mon, 8 Sep 2003 23:15:01 +0200 (CEST)
	(envelope-from andreas@klemm.apsfilter.org)
Received: from titan.klemm.apsfilter.org (localhost.klemm.apsfilter.org
	[127.0.0.1])
	by klemm.apsfilter.org (8.12.9/8.12.9) with ESMTP id h88LD6pC050766;
	Mon, 8 Sep 2003 23:13:06 +0200 (CEST)
	(envelope-from andreas@titan.klemm.apsfilter.org)
Received: (from andreas@localhost)
	by titan.klemm.apsfilter.org (8.12.9/8.12.9/Submit) id h88LD6Pl050765;
	Mon, 8 Sep 2003 23:13:06 +0200 (CEST)
Date: Mon, 8 Sep 2003 23:13:06 +0200
From: Andreas Klemm <andreas@freebsd.org>
To: Jeremy Messenger <mezz7@cox.net>
Message-ID: <20030908211306.GA50616@titan.klemm.apsfilter.org>
References: <3F589E94.1080508@xwave.com>
	<20030905154646.GA59881@rot13.obsecurity.org> <20030906213428.GF29217@spc.org>
	<3F5A8FDB.3050507@newsguy.com> <20030907015510.GG29217@spc.org>
	<20030908202727.GA49862@titan.klemm.apsfilter.org>
	<opru68l1a78ckrg5@smtp.central.cox.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <opru68l1a78ckrg5@smtp.central.cox.net>
X-Operating-System: FreeBSD 5.1-CURRENT
X-Disclaimer: A free society is one where it is safe to be unpopular
User-Agent: Mutt/1.5.4i
cc: freebsd-hackers@freebsd.org
Subject: Re: PUzzling sshd behaviour
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2003 21:15:09 -0000

On Mon, Sep 08, 2003 at 03:59:51PM -0500, Jeremy Messenger wrote:
> My solution is to install and setup dnscache to do the local DNS cache.

DNS cache sounds like it caches DNS records after a successfull
DNS query, right ?

The problem at my clients project was, that the DNS server
a) wasn't reachable from time to time because they played
   around with a pix firewall in a cat6k
b) these particular OOB IPs and the sun's IPs were not in
   DNS database

So ... I assume a dns *cache* wouldn't have brought any better
functionality. We still would have needed a functionality in 
sshd, to turn off reverse lookup entirely ...
The suns have already been secured by firewalls so no real need
for this reverse lookup feature.

	Andreas ///

-- 
Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
Need a magic printfilter today ? -> http://www.apsfilter.org/