CentOS - May 2008 - Opinions about SSH and DNS

Hi People,

As part of securing SSH we currently have UseDNS set to yes.  But we are 
finding that a number of ISP's are deliberately refusing to configure 
matching forward and reverse DNS records.  So I am wondering how many of 
you are still using this option?

On Mon, May 26, 2008, Clint Dilks wrote:
>Hi People,
>
>As part of securing SSH we currently have UseDNS set to yes.  But we are 
>finding that a number of ISP's are deliberately refusing to configure 
>matching forward and reverse DNS records.  So I am wondering how many of 
>you are still using this option?
The main utility of using DNS is in conjunction with tcp_wrappers
where one wants to use host/domain names in /etc/hosts.allow.

IHMO, competent ISPs will handle DNS forward and reverse properly.

Unfortunately there are a lot of incompetents who purport to be ISPs.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

A government which robs Peter to pay Paul can always depend on the support
of Paul -- George Bernard Shaw