On 2013/05/05 10:06, Nick Holland wrote: > On 05/04/13 01:57, Ted Unangst wrote: > > On Sat, May 04, 2013 at 07:26, Martijn van Duren wrote: > >> For a lot of cases this isn't a problem. But there are a couple of > >> instances where the domain name resolves to something a little to > >> generic to be useful to determine it's origin and hence I'm not able to > >> decide if it's a legit connection or not, let alone being able to place > >> it in my firewall. > >> To fix this for myself I made this minor patch to retrieve the ip > >> address instead of the the reverse lookup. This appears to be the same > >> behavior as sshd shows. > > > > I think this is wise. Reverse lookups are not really useful imo. If > > someone cares, they can always do them later. > > > > regarding the concept, not the patch...agreed. > > I have OFTEN wished I had the raw IP address in a log, I've rarely (I > want to say "never") wished I had a reverse DNS lookup. > > Nick. >
I don't feel too strongly about it but my preference would be to log both. There are circumstances (e.g. dhcp with dynamic dns updates) where it's useful to have the reverse at the time of connection.
