help-cfengine

Re: editfiles methodology question


From: Mark Burgess
Subject: Re: editfiles methodology question
Date: Mon, 07 Nov 2005 19:26:51 +0100

There are, of course, reasons for doing so -- but they are, in my purist
opinion, hacks. I always think it is a shame when people recommend hacks
to work around other software, instead of fixing the problems at root
cause... but now someone will ask me why I haven't fixed all the
problems with cfengine...

M


On Mon, 2005-11-07 at 10:21 -0800, Eli Stair wrote:
> Fair enough.
> 
> I agree mimicking the behaviour of another program just because it is 
> "correct" in that context is not really exemplary of good practice.  But 
> in the context of those examples, it's valid.
> 
> Point being I guess that if one were interoperating with these or other 
> similar systems, having a dichotomy in the way hostnames resolve like 
> that can be confusing and even dangerous (if you have humans running it ;).
> 
> I actually don't have a strong opinion either way, unless there came a 
> point when at a system-level cfengine and other software required 
> different levels of DNS granularity.  The "other" software occasionally 
> does have a system-level requirement already.
> 
> /eli
> 
> Mark Burgess wrote:
> > I disagree with them.
> > 
> > On Mon, 2005-11-07 at 10:09 -0800, Eli Stair wrote:
> > 
> >>I'm not the expert on this (as I haven't READ the relevant RFCs), but 
> >>for instance when running Kerberos and Oracle (and probably other auth 
> >>software as well) the best practice (and it's been stated RFC-compliant 
> >>method) is to return FQDN for hostname lookups.
> >>
> >>Not doing so will result in improper/non-functional Kerberos with 
> >>tickets not applying to a host or service (been there).  Oracle can 
> >>break all authenticated connectivity (been there too).  They even go so 
> >>far as to recommend defining FQDN in /etc/hosts for all Oracle hosts to 
> >>bypass any DNS/system-level problems with resolution.
> >>
> >>Very over-simplified example, but a valid one I've had to deal with.
> >>
> >>/eli
> >>
> >>
> >>>This is normal if you have fully qualified names returned by your
> >>>hostname lookup, which is not something I recommend. 
> >>>
> > 
> > 
> > 
> 




