tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/etc/rc.d



Tonnerre LOMBARD <tonnerre%netbsd.ch@localhost> writes:
> Salut,
>
> On Mon, Aug 03, 2009 at 03:51:29PM -0400, Perry E. Metzger wrote:
>> It "could", but that's not available in all circumstances -- many
>> servers do not have servers other than 127.0.0.1 in resolv.conf
>
> I don't think any sysadmin in the right mind would put _solely_ the
> local host into that file.

I suppose I'm not in my right mind, then, and neither are lots of people
who care about security in circumstances where no other trustworthy
server exists.

(As an aside, one wonders where you think people can always get said
"other servers" from -- do you imagine that all servers on the internet
permit recursive queries from unknown machines? Of course, often there
is an untrustworthy ISP server available, which these days is often
happy to provide you with the "service" of redirecting you to
advertising pages they manage when you "mistakenly" ask for a
non-existent A record.)

Perry


Home | Main Index | Thread Index | Old Index