Date: Mon, 7 May 2001 12:01:41 -0600 (MDT)
From: Wes Peters <wes@softweyr.com>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Crist Clark <crist.clark@globalstar.com>, anderson@centtech.com, Andrew Barros <abarros@tjhsst.edu>, "lists@mail.ru" <lists@mail.ru>, freebsd-security@freebsd.org
Subject: Re: reverse or not
Message-ID: <E14wpKH-0002sJ-00@bsdconspiracy.net>
In-Reply-To: <98864.989254731@axl.fw.uunet.co.za> from Sheldon Hearn at "May 7, 2001 06:58:51 pm"

Sheldon Hearn scribed:
>
> On Mon, 07 May 2001 09:54:36 MST, "Crist Clark" wrote:
>
> > > From a security perspective, I'm pretty sure that hosts should NEVER
> > > rely on any external source for resolution on the loopback network.
> >
> > So everyone MUST run a DNS server on localhost?  That does not sound too
> > secure either.
>
> That's not what I'm suggesting.  People were talking about /etc/hosts vs
> DNS.  I'm saying that
>
> 1) DNS servers shouldn't answer questions about the loopback
>    network.
>
> 2) Hosts should have hostnames for the loopback network
>    hardwired into /etc/hosts.

3) /etc/host.conf should always have hosts listed before bind, to be sure
   that you get your local definitions *first*.

--
Sorry, no .sig at this moment.
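
Added example, not part of the original message or of FreeBSD: a small audit of points 2 and 3 above, checking that "localhost" is hardwired to a loopback address in hosts-file text and that "hosts" precedes "bind" in host.conf text. It assumes the one-keyword-per-line /etc/host.conf format; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample file contents (not taken from any real host).
GOOD_HOST_CONF = "# local file first, then DNS\nhosts\nbind\n"
BAD_HOST_CONF = "bind\nhosts\n"
GOOD_HOSTS = "127.0.0.1 localhost localhost.example.org\n::1 localhost\n"
BAD_HOSTS = "192.0.2.10 www.example.org www  # no loopback line\n"

def lookup_order(host_conf_text):
    """Return the lookup services in the order they are listed."""
    order = []
    for line in host_conf_text.splitlines():
        word = line.split("#", 1)[0].strip()   # drop comments and blanks
        if word:
            order.append(word)
    return order

def loopback_names(hosts_text):
    """Map each name bound to a loopback address to that address."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: skip line
        if addr.is_loopback:
            for name in fields[1:]:
                names.setdefault(name.lower(), str(addr))
    return names

def audit(host_conf_text, hosts_text):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    order = lookup_order(host_conf_text)
    if "hosts" not in order:
        findings.append("host.conf: 'hosts' is not consulted at all")
    elif "bind" in order and order.index("bind") < order.index("hosts"):
        findings.append("host.conf: 'bind' is listed before 'hosts'")
    if "localhost" not in loopback_names(hosts_text):
        findings.append("hosts: no loopback entry for 'localhost'")
    return findings

if __name__ == "__main__":
    for finding in audit(BAD_HOST_CONF, BAD_HOSTS):
        print(finding)
```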