Penned by Ted Unangst on 20130504 0:57.40, we have: | On Sat, May 04, 2013 at 07:26, Martijn van Duren wrote: | > For a lot of cases this isn't a problem. But there are a couple of | > instances where the domain name resolves to something a little to | > generic to be useful to determine it's origin and hence I'm not able to | > decide if it's a legit connection or not, let alone being able to place | > it in my firewall. | > To fix this for myself I made this minor patch to retrieve the ip | > address instead of the the reverse lookup. This appears to be the same | > behavior as sshd shows. | | I think this is wise. Reverse lookups are not really useful imo. If | someone cares, they can always do them later.
I always set 'UseDNS no' in my sshd_config, same argument, and if dns is borked for any reason, it avoids needless delay getting into an afflicted system to unbork it. Thanks, -- Todd Fries .. t...@fries.net ____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | PO Box 16169, Oklahoma City, OK 73113 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
