From owner-freebsd-security Mon May 7 10: 0:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141])
    by hub.freebsd.org (Postfix) with ESMTP id 469DD37B422
    for ; Mon, 7 May 2001 10:00:18 -0700 (PDT)
    (envelope-from sheldonh@uunet.co.za)
Received: from nwl.fw.uunet.co.za ([196.31.2.162])
    by lists01.iafrica.com with esmtp (Exim 3.12 #2)
    id 14woMm-0006G3-00; Mon, 07 May 2001 19:00:12 +0200
Received: (from nobody@localhost)
    by nwl.fw.uunet.co.za (8.8.8/8.6.9) id TAA29164;
    Mon, 7 May 2001 19:00:11 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 29020;
    Mon May 7 18:58:51 2001
Received: from sheldonh (helo=axl.fw.uunet.co.za)
    by axl.fw.uunet.co.za with local-esmtp (Exim 3.22 #1)
    id 14woLT-000Pib-00; Mon, 07 May 2001 18:58:51 +0200
To: "Crist Clark"
Cc: anderson@centtech.com, Andrew Barros , "lists@mail.ru" ,
    freebsd-security@freebsd.org
Subject: Re: reverse or not
In-reply-to: Your message of "Mon, 07 May 2001 09:54:36 MST."
    <3AF6D34C.AE6A479F@globalstar.com>
Date: Mon, 07 May 2001 18:58:51 +0200
Message-ID: <98864.989254731@axl.fw.uunet.co.za>
From: Sheldon Hearn
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 07 May 2001 09:54:36 MST, "Crist Clark" wrote:

> > From a security perspective, I'm pretty sure that hosts should NEVER
> > rely on any external source for resolution on the loopback network.
>
> So everyone MUST run a DNS server on localhost? That does not sound too
> secure either.

That's not what I'm suggesting. People were talking about /etc/hosts vs
DNS. I'm saying that

1) DNS servers shouldn't answer questions about the loopback network.

2) Hosts should have hostnames for the loopback network hardwired into
   /etc/hosts.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
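
Point 2 of the message above, as an added check that is not part of the original post: the function `audit_hosts` (a hypothetical name) reads a hosts(5)-format file and verifies that each given name is hardwired to a loopback address (127.0.0.0/8 or ::1) and is never mapped to anything else. The sample file contents and the `example.test` names are constructed.

```shell
#!/bin/sh
# audit_hosts FILE [NAME...]
# Returns 0 only if every NAME (default: localhost) has at least one loopback
# entry in FILE and no entry that maps it to a non-loopback address.
audit_hosts() {
    file=$1; shift
    [ $# -gt 0 ] || set -- localhost
    awk -v names="$*" '
        BEGIN { n = split(names, want, " "); bad = 0 }
        {
            sub(/#.*/, "")                      # drop trailing comments
            if (NF < 2) next                    # blank or address-only line
            addr = $1
            loop = (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1")
            for (i = 2; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if (tolower($i) == want[j]) {
                        if (loop) pinned[want[j]] = 1
                        else {
                            printf "FAIL %s -> %s (not loopback)\n", want[j], addr
                            bad = 1
                        }
                    }
        }
        END {
            for (j = 1; j <= n; j++)
                if (want[j] in pinned) printf "OK   %s pinned to loopback\n", want[j]
                else { printf "FAIL %s has no loopback entry\n", want[j]; bad = 1 }
            exit bad
        }' "$file"
}

# Constructed sample in hosts(5) format (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
::1        localhost localhost.example.test
127.0.0.1  localhost localhost.example.test
192.0.2.10 www.example.test   # unrelated entry
EOF
audit_hosts "$sample" localhost localhost.example.test
rm -f "$sample"
```

On a live system the call would be `audit_hosts /etc/hosts localhost`, with any site-specific loopback names appended as further arguments.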