[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: editfiles methodology question

From: Mark Burgess
Subject: Re: editfiles methodology question
Date: Mon, 07 Nov 2005 19:26:51 +0100

There are, of course, reasons for doing so -- but they are, in my purist
option, hacks. I always think it is a shame when people recommend hacks
to work around other software, instead of fixing the problems at root
cause.... but now someone will ask me why I haven't fixed all the
problems with cfengine,,, 


On Mon, 2005-11-07 at 10:21 -0800, Eli Stair wrote:
> Fair enough.
> I agree mimmic-ing the behaviour of another program just because it is 
> "correct" in that context is not really exemplary of good practice.  But 
> in the context of those examples, it's valid.
> Point being I guess that if one were interoperating with these or other 
> similar systems, having a  dichotomy in the way hostnames resolve like 
> that can be confusing and even dangerous (if you have humans running it ;).
> I actually don't have a strong opinion either way, unless there came a 
> point when at a system-level cfengine and other software required 
> different levels of DNS granularity.  The "other" software occasionally 
> does have a system-level requirement already.
> /eli
> Mark Burgess wrote:
> > I disagree with them.
> > 
> > On Mon, 2005-11-07 at 10:09 -0800, Eli Stair wrote:
> > 
> >>I'm not the expert on this (as I haven't READ the relevant RFC's), but 
> >>for instance when running Kerberos and Oracle (and probably other auth 
> >>software as well) the best practice (and it's been stated RFC-compliant 
> >>method) is to return FQDN for hostname lookups.
> >>
> >>Not doing so will result in improper/non-functional Kerberos with 
> >>tickets not applying to a host or service (been there).  Oracle can 
> >>break all authenticated connectivity (been there too).  They even go so 
> >>far as to recommend defining FQDN in /etc/hosts for all Oracle hosts to 
> >>bypass any DNS/system-level problems with resolution.
> >>
> >>Very over-simplified example, but a valid one I've had to deal with.
> >>
> >>/eli
> >>
> >>
> >>>This is normal if you have fully qualified names returned by your
> >>>hostname lookup, which is not something I recommend. 
> >>>
> > 
> > 
> > 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]