tech-net archive

Re: lpd with clients using "privacy" addresses



On Fri, Mar 25, 2011 at 12:29:27PM -0400, der Mouse wrote:
> I would say lpd is the canary in the coalmine.  The right thing to do
> is to fix your rDNS - to fix, work around, or stop using whatever is
> breaking it.  Patching lpd is basically sticking your fingers in your
> ears and going LA LA LA I CAN'T HEAR YOU when lpd points out the
> brokenness.

I read your comments, and in general, I agree with the basic requirement,
that one element of rDNS should agree with one element of DNS.

But I don't think this should apply in the case we're talking about:

[ "$(cat /etc/hosts.lpd)" = '+' ]

Here

a) we shouldn't check host names at all (and the only conceptually
ugly part is where I continue to use rDNS; I should check whether using
a string representation of the host name works);

b) if the lpd's administrator really wants to accept print jobs from
anonymous hosts that set up meaningless, but matching forward and
reverse DNS, they can do this (actually for all or a subset of libwrap-using
services (all inetd-called and lpd being some of them)) using a
PARANOID rule with the right polarity in /etc/hosts.allow (or
/etc/hosts.deny).

Regards,
        -is
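
Added example (not part of the original message and not lpd's own code): a C model of the check this thread argues about, where a peer's reverse name must resolve forward to the same address unless hosts.lpd is just "+". The function names, the DNS tables and all addresses are constructed, the absence of a PTR record for the privacy address is an assumption, and matching the name against hosts.lpd entries is left out.

```c
#include <stdio.h>
#include <string.h>

/* Constructed DNS data (documentation prefix), standing in for a resolver. */
struct ptr_rec { const char *addr, *name; };
struct fwd_rec { const char *name, *addr; };
static const struct ptr_rec PTR[] = {
    { "2001:db8::10", "printclient.example.org" },
    { "2001:db8::66", "trusted.example.org" },  /* PTR names a host it is not */
};
static const struct fwd_rec FWD[] = {
    { "printclient.example.org", "2001:db8::10" },
    { "trusted.example.org",     "2001:db8::1"  },
};
#define N(a) (sizeof(a) / sizeof((a)[0]))

enum verdict { ACCEPT, REJECT_NO_PTR, REJECT_MISMATCH };

/* rDNS must agree with DNS: the PTR name has to resolve back to the peer. */
static enum verdict fcrdns(const char *peer)
{
    const char *name = NULL;
    for (size_t i = 0; i < N(PTR); i++)
        if (strcmp(PTR[i].addr, peer) == 0)
            name = PTR[i].name;
    if (name == NULL)
        return REJECT_NO_PTR;       /* assumed case for a privacy address */
    for (size_t i = 0; i < N(FWD); i++)
        if (strcmp(FWD[i].name, name) == 0 && strcmp(FWD[i].addr, peer) == 0)
            return ACCEPT;
    return REJECT_MISMATCH;
}

/* Hypothetical policy: a hosts.lpd holding only "+" skips all name checks. */
enum verdict check_peer(const char *hosts_lpd, const char *peer)
{
    if (strcmp(hosts_lpd, "+") == 0 || strcmp(hosts_lpd, "+\n") == 0)
        return ACCEPT;
    return fcrdns(peer);
}

int main(void)
{
    static const char *peers[] = { "2001:db8::10", "2001:db8::66",
                                   "2001:db8:0:1:a1b2:c3d4:e5f6:789a" };
    static const char *txt[] = { "accept", "no PTR", "PTR/forward mismatch" };
    for (size_t i = 0; i < N(peers); i++)
        printf("%-34s listed-hosts: %-22s '+': %s\n", peers[i],
               txt[check_peer("printhost.example.org\n", peers[i])],
               txt[check_peer("+\n", peers[i])]);
    return 0;
}
```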

