
Re: log_rdns.patch



Brian Reichert wrote:
> On Wed, Mar 09, 2016 at 03:47:44PM +0100, Michael Ströder wrote:
>> As Howard already said:
>> Use a decent logfile post-processor before looking at the log file.
> 
> But, what if PTR records have changed between when the log entry is
> written, and its analysis?

Simply do the log post processing pretty soon after the request.

> In my own opinion, if you're not running a public server, but one
> within your company's LAN, then the set of hostnames won't be as
> numerous, nor as fluid, so I suspect a decent resolver could cope.
> 
> I agree that such a feature on a public server would not fare well.

Even on an internal (LDAP) server it can be pretty problematic to turn on
reverse DNS lookups.

Example:
If you're using your LDAP server for admins' system/device login you might need
it especially during a partial outage/failure of your infrastructure. So when
logging in to your network router or similar you're likely very happy not to need
more moving parts to work.
(Well, you should have a decent emergency login in place, but it's hopefully
protected by more security measures making it more effort to actually use it.)

Basically, not relying on reverse DNS has been best common practice in most cases
for many years.

Anyway I'm not the one to decide on that. I rather just want to show Howard
acceptance to remove this highly deprecated feature to make the code base
smaller for saving time to be spent on more useful programming.

Ciao, Michael.
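
Added example, not part of the original message or of the OpenLDAP code base: a log post-processor of the kind recommended in this thread, which appends the PTR name to connection entries outside the server, so a slow or failing resolver never delays an LDAP request. The `ACCEPT from IP=addr:port` line layout, the `rdns=` field and the function names are assumptions; the sample lines are constructed.

```python
import re
import socket
import sys

# Assumed layout of a connection entry: "... ACCEPT from IP=addr:port (...)",
# with IPv6 peers written in brackets.
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\[[^\]]+\]|[0-9.]+):\d+")

def ptr_lookup(ip):
    """Default resolver: PTR name for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def annotate(lines, resolve=ptr_lookup):
    """Yield each line, appending ' rdns=<name>' to connection entries.

    Every address is resolved at most once per run; failed lookups are
    cached too and written as 'rdns=-'.
    """
    cache = {}
    for line in lines:
        line = line.rstrip("\n")
        m = ACCEPT_RE.search(line)
        if m:
            ip = m.group(1).strip("[]")
            if ip not in cache:
                cache[ip] = resolve(ip)
            line += " rdns=" + (cache[ip] or "-")
        yield line

# Constructed sample input (documentation address ranges).
SAMPLE = [
    "Mar  9 15:47:44 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:54321 (IP=0.0.0.0:389)",
    'Mar  9 15:47:44 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=admin,dc=example,dc=com" method=128',
    "Mar  9 15:47:45 ldap1 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.0.2.10:54322 (IP=0.0.0.0:389)",
    "Mar  9 15:47:46 ldap1 slapd[1234]: conn=1003 fd=14 ACCEPT from IP=[2001:db8::7]:40000 (IP=[::]:389)",
]

if __name__ == "__main__":
    # Filter usage: read log lines on stdin, write annotated lines to stdout.
    for out_line in annotate(sys.stdin):
        print(out_line)
```

Running it shortly after the entries are written keeps the recorded names close to what the PTR records said at request time.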

