[luau] dhcp-146-41
Vince Hoang
luau at ml.altern8.net
Tue Dec 24 22:56:01 PST 2002
On Tue, Dec 24, 2002 at 08:44:56PM -1000, Eric Hattemer wrote:
> I concur 100%. There's an IP standard of sorts that says that
> all IP addresses should have a hostname attached.
I only wish it were a standard. Most of the ISPs I run into do
not have all their assigned IP space resolvable.
> There are many services that do forward and reverse DNS lookups
> on your IP/hostname to make sure they match.
That is probably due to the paranoid option in tcpwrappers.
It is a flawed concept. Avoid it if you can. [1]
> Now maybe you're worried that your IP doesn't change too much.
Some ISPs made the argument that by using DHCP, customers become
a moving target and hopefully less likely to get compromised. I
agree that it makes a targetted attack more difficult, but most
customers are likely to be hit by automated attacks.
> You could even buy a real domain name, and just update it every
> time it changes.
Services like dyndns.org even provide agents you can run that
automatically updates your domain to resolve to your current IP
address.
-Vince
[1] This might sound like I am contradicting myself. If you use
only IP ranges in your /etc/hosts.allow, then the paranoid option
is never needed and you avoid the cost of having to perform 2
lookups (IP -> hostname, hostname -> IP). If DNS is not setup
properly, you have to wait for _both_ lookups to timeout.
More information about the LUAU
mailing list