Subject: Re: localhost security hole
To: Robert Elz <kre@munnari.OZ.AU>
From: David Laight <firstname.lastname@example.org>
Date: 06/28/2003 16:02:53
> That's because they use getaddrinfo() (or gethostbyname()). And they do
> exhibit the problem if your nsswitch.conf is sane (does DNS lookups only,
> or at least, DNS lookups before using /etc/hosts or other methods).
> Preferring /etc/hosts is just a recipe for disaster in general.
In my experience it is the other way around.
Also you need to put entries into /etc/hosts for any system you
NFS mount from during the boot process.
Then you can boot systems when the name server is down.
(Or if you have nasty non-hierarchic NFS mounts that make it almost
impossible to bring all the systems up in a sane order after a
David Laight: email@example.com