help-cfengine

Re: editfiles methodology question


From: Eli Stair
Subject: Re: editfiles methodology question
Date: Mon, 07 Nov 2005 10:21:46 -0800
User-agent: Mozilla Thunderbird 1.0.2-6 (X11/20050513)


Fair enough.

I agree mimicking the behaviour of another program just because it is "correct" in that context is not really exemplary of good practice. But in the context of those examples, it's valid.

Point being I guess that if one were interoperating with these or other similar systems, having a dichotomy in the way hostnames resolve like that can be confusing and even dangerous (if you have humans running it ;).

I actually don't have a strong opinion either way, unless there came a point when at a system-level cfengine and other software required different levels of DNS granularity. The "other" software occasionally does have a system-level requirement already.

/eli

Mark Burgess wrote:
I disagree with them.

On Mon, 2005-11-07 at 10:09 -0800, Eli Stair wrote:

I'm not the expert on this (as I haven't READ the relevant RFCs), but for instance when running Kerberos and Oracle (and probably other auth software as well) the best practice (and it's been stated RFC-compliant method) is to return FQDN for hostname lookups.

Not doing so will result in improper/non-functional Kerberos with tickets not applying to a host or service (been there). Oracle can break all authenticated connectivity (been there too). They even go so far as to recommend defining FQDN in /etc/hosts for all Oracle hosts to bypass any DNS/system-level problems with resolution.

Very over-simplified example, but a valid one I've had to deal with.

/eli


This is normal if you have fully qualified names returned by your
hostname lookup, which is not something I recommend.







