> Chris Davies wrote:
>> /etc/hosts.allow could provide a level of protection for names matching,
>> e.g. "*.dyndns.org".

Pascal Hambourg <pascal.m...@plouf.fr.eu.org> wrote:
> This won't work, because usually the reverse DNS is not in *.dyndns.org.
> somename.dyndns.org -> IP address -> some other name defined by the ISP.

Interesting, that one. I don't use hosts.allow myself - but it's frequently recommended by others. It's not at all clear (to me) from the man page that the canonical name must be provided in hosts.allow, but empirically it appears that this indeed is the case.

Arguably, this is less than optimal from a user-centric perspective. (Consider a host with multiple A records, perhaps a well-connected web server running a number of vHosts. It seems to me that it would make more sense to do a forward DNS lookup on a name (where possible) and match the resulting set of addresses against the incoming IP. Ineffective on domain matching, but surely useful for host-based matching?)

Chris
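The two matching strategies discussed in this message, side by side, as an added example that is not part of the original thread and is not tcp_wrappers code. The DNS tables, host names and addresses are constructed (documentation address ranges), and the function names are hypothetical; a live version would call socket.gethostbyaddr() and socket.gethostbyname_ex() instead of the dictionaries.

```python
from fnmatch import fnmatchcase

# Constructed DNS data: made-up names, documentation address ranges.
FORWARD = {  # host name -> set of A records
    "somename.dyndns.org": {"203.0.113.25"},
    "www.example.net": {"198.51.100.10", "198.51.100.11"},
    "vhost2.example.net": {"198.51.100.10"},
}
REVERSE = {  # address -> PTR name (what the ISP or operator published)
    "203.0.113.25": "dsl-25.pool.isp.example",
    "198.51.100.10": "www.example.net",
    "198.51.100.11": "www.example.net",
}


def is_wildcard(entry):
    return any(c in entry for c in "*?")


def match_by_reverse(client_ip, pattern):
    """Behaviour described in the thread: the access-list entry is
    compared with the name that reverse DNS returns for the client."""
    ptr = REVERSE.get(client_ip)
    return ptr is not None and fnmatchcase(ptr.lower(), pattern.lower())


def match_by_forward(client_ip, hostname):
    """Proposal from the message: resolve the configured host name and
    test whether the client address is among its A records."""
    if is_wildcard(hostname):
        # A domain pattern cannot be enumerated by forward lookup.
        raise ValueError("forward lookup needs a full host name")
    return client_ip in FORWARD.get(hostname.lower(), set())


def evaluate(client_ip, entry):
    """Return both verdicts; 'forward' is None for wildcard entries."""
    forward = None if is_wildcard(entry) else match_by_forward(client_ip, entry)
    return {"reverse": match_by_reverse(client_ip, entry), "forward": forward}


if __name__ == "__main__":
    for ip, entry in [("203.0.113.25", "*.dyndns.org"),
                      ("203.0.113.25", "somename.dyndns.org"),
                      ("198.51.100.10", "vhost2.example.net"),
                      ("198.51.100.10", "*.example.net")]:
        print(ip, entry, evaluate(ip, entry))
```

The dynamic-DNS client fails both reverse-name checks because its PTR record belongs to the ISP, while the forward check admits it by address; forward matching is only as trustworthy as whoever controls the name's A records.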