From owner-freebsd-security  Mon May  7  9:55:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nsmail.corp.globalstar.com (gibraltar.globalstar.com [207.88.248.142])
	by hub.freebsd.org (Postfix) with ESMTP id 6F82437B50C
	for <freebsd-security@FreeBSD.ORG>; Mon,  7 May 2001 09:55:16 -0700 (PDT)
	(envelope-from crist.clark@globalstar.com)
Received: from globalstar.com ([207.88.153.184]) by
          nsmail.corp.globalstar.com (Netscape Messaging Server 4.15) with
          ESMTP id GCZ5MF00.C2F; Mon, 7 May 2001 09:54:15 -0700 
Message-ID: <3AF6D34C.AE6A479F@globalstar.com>
Date: Mon, 07 May 2001 09:54:36 -0700
From: "Crist Clark" <crist.clark@globalstar.com>
Organization: Globalstar LP
X-Mailer: Mozilla 4.77 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: anderson@centtech.com, Andrew Barros <abarros@tjhsst.edu>,
	"lists@mail.ru" <lists@mail.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: reverse or not
References: <65662.989052290@axl.fw.uunet.co.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sheldon Hearn wrote:
> 
> On Fri, 04 May 2001 08:17:00 EST, Eric Anderson wrote:
> 
> > I think if you have (in your /etc/host.conf) bind listed before hosts
> > (meaning it will ask the dns server before looking at the hosts file),
> > it would delay if the dns server doesn't have a reverse entry for
> > 127.0.0.1 [...]
> 
> From a security perspective, I'm pretty sure that hosts should NEVER
> rely on any external source for resolution on the loopback network.

So everyone MUST run a DNS server on localhost? That does not sound too
secure either.
-- 
Crist J. Clark                                Network Security Engineer
crist.clark@globalstar.com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster@globalstar.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message