]] Bastien ROUCARIES | main security problem is resolver, | $host -v www.local | www.local | www.local.mydomain.com
So the security problem you see is that if you have a domain called «local» the entries in it might be spoofed due to how the resolver works? To the extent this is a bug, it's a bug in the resolver that it does not treat names with dots in them as absolute, but relative. I know this is how it's been done in the past, but perhaps changing that to treating names with as absolute would be a better solution. Cheers, -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/871v2ojhuy....@qurzaw.varnish-software.com
