[37434] in North American Network Operators' Group
Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
daemon@ATHENA.MIT.EDU (Adam McKenna)
Mon May 14 01:09:44 2001
Date: Sun, 13 May 2001 22:06:15 -0700
From: Adam McKenna <adam@flounder.net>
To: nanog@nanog.org
Message-ID: <20010513220615.B6987@flounder.net>
Mail-Followup-To: nanog@nanog.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9DC8BBAD4FF100408FC7D18D1F0922860E45EB@condor.mhsc.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Sun, May 13, 2001 at 06:04:12PM -0700, Roeland Meyer wrote:
> Gee, I wish you knew what you were talking about. Basic security starts with
> reverse, see tcp_wrappers

tcp_wrappers is joke security. Anyone using TCP wrappers and hostname-based
rules is braindead.

> SSH

SSH does not require reverse DNS to operate properly.

> Oracle (try and build a DB without reverse working right. Net8 stops you
> dead in your tracks).

Sorry, but this is just 100% wrong. I've set up Oracle on many boxes and you
don't need any DNS at all to set up an Oracle DB. In fact, I tell our DBAs
to use IP addresses in their TNSNAMES.ORA files because I don't want the DB
depending on DNS.

> Half of my ACLs don't work right because reverse isn't correct.

Too bad for you. Maybe you should get better ACLs.

> > ps - 32/27.0.168.192.in-addr.arpa., learn it, love it, live it.
>
> Thu May 10 22:59:09 [root:2]#> ps - 32/27.0.168.192.in-addr.arpa.
> ERROR: Garbage option.

Heh.

--Adam