Date: Mon, 08 Sep 2003 17:02:02 -0500
From: Jeremy Messenger <mezz7@cox.net>
To: Andreas Klemm <andreas@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: PUzzling sshd behaviour
Message-ID: <opru7bhoh28ckrg5@smtp.central.cox.net>
In-Reply-To: <20030908211306.GA50616@titan.klemm.apsfilter.org>
References: <3F589E94.1080508@xwave.com> <20030905154646.GA59881@rot13.obsecurity.org> <20030906213428.GF29217@spc.org> <3F5A8FDB.3050507@newsguy.com> <20030907015510.GG29217@spc.org> <20030908202727.GA49862@titan.klemm.apsfilter.org> <opru68l1a78ckrg5@smtp.central.cox.net> <20030908211306.GA50616@titan.klemm.apsfilter.org>

On Mon, 8 Sep 2003 23:13:06 +0200, Andreas Klemm <andreas@freebsd.org> wrote:

> On Mon, Sep 08, 2003 at 03:59:51PM -0500, Jeremy Messenger wrote:
>> My solution is to install and setup dnscache to do the local DNS cache.
>
> DNS cache sounds like it caches DNS records after a successful
> DNS query, right ?
>
> The problem at my client's project was, that the DNS server
> a) wasn't reachable from time to time because they played
>    around with a pix firewall in a cat6k
> b) these particular OOB IPs and the sun's IPs were not in
>    DNS database
>
> So ... I assume a dns *cache* wouldn't have brought any better
> functionality. We still would have needed a functionality in
> sshd, to turn off reverse lookup entirely ...
> The suns have already been secured by firewalls so no real need
> for this reverse lookup feature.

I use tinydns and dnscache to do the local DNS, so I don't have to touch
the /etc/hosts anymore. The /etc/hosts is just a pain in my ass. It solved
all of my SSH and other reverse lookup problems. Currently, I have the
split horizon DNS[1] set up to keep the internal and external DNS queries
separate.

[1] http://www.fefe.de/djbdns/#splithorizon

Great article about djbdns on FreeBSD can be found at
http://ezine.daemonnews.org/200210/ezdjbdns.html ..

Cheers,
Mezz

> Andreas ///

--
bsdforums.org 's moderator, mezz.