My PTR / reversing of my domain names seem not to be working any pointers were I can look to fix this?.. Except for people who own a whole C-class network you must tell your provider to change the PTR records. You can't administrate them yourself, if you have less than a C-class network.
Yes, you can. Either you use the RFC 2317 muck to work around BIND's configuration file problems with CIDR, introducing lots of ugly CNAMEs in the process. Or you have the (DNS) authority for your parent zone to delegate all the IP addresses you own to your DNS server individually. This straightforward approach is technically more elegant and consumes less resources. It's also slightly nicer for the parent. It's not so great for you if you use BIND, because you need a separate zone file (and corresponding config file entry) for every individual IP address. It's utterly painless with djbdns, or, more specifically, tinydns from the djbdns package. Cheers Tobias
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Mittwoch, 11. September 2002 10:14 Reckhard, Tobias wrote:
[about how to do reverse delegation for one's IP's] Either you use the RFC 2317 muck to work around BIND's configuration file problems with CIDR, introducing lots of ugly CNAMEs in the process.
Pardon me, Tobias, you're saying, that there is a way to do reverse delegation WITHOUT either having the corresponding arpa zone delegated to you (either as a class-C delegation or a partial one through RFC2317) ? How? That would mean you could (howsoever ugly) go around the arpa authoritative nameserver for the class-C subnet -- which would be certainly security related in my version of the DNS bible. Greetings - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQE9fwKs72vu22ltWBERAkqCAJdmG9cANXl0gqGiBjMV2TachzhNAJ0W1JZG Ftw4iGtjel4BY1SL/PbCOg== =bi9m -----END PGP SIGNATURE-----
I installed 8.0 about a month ago. The password i wanted to use had 9 characters and the install defaults to 8. I entered the first eight characters and later ran yast to enable 15 character passwords. I also checked all 3 boxes above the password length dialog boxes (md5 or something like that). I changed my password to the 9 character version. Now I can login with either the 8 or the 9 character password.
At Donnerstag, 12. September 2002 04:14 Rob Bourne wrote:
I installed 8.0 about a month ago. The password i wanted to use had 9 characters and the install defaults to 8. I entered the first eight characters and later ran yast to enable 15 character passwords. I also checked all 3 boxes above the password length dialog boxes (md5 or something like that). I changed my password to the 9 character version. Now I can login with either the 8 or the 9 character password.
Sounds like you are still having the crypt()-Version of your password, and only the first 8 characters are hashed. Check the corresponding line in /etc/shadow If the shadow-file says something like username:$1$________$_______________:_etc.. then the password is stored as the MD5 hash (the long format) But if it's like username:___________:_etc.. then the password is stored as the crypt() Hash, where only the first 8 chars of the password are significant. Setting a new password should allways create the MD5-format ( where the hash starts with '$1$' ) Greetings -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
* Michael Zimmermann wrote on Wed, Sep 11, 2002 at 10:45 +0200:
At Mittwoch, 11. September 2002 10:14 Reckhard, Tobias wrote:
[about how to do reverse delegation for one's IP's] Either you use the RFC 2317 muck to work around BIND's configuration file problems with CIDR, introducing lots of ugly CNAMEs in the process.
Pardon me, Tobias,
you're saying, that there is a way to do reverse delegation WITHOUT either having the corresponding arpa zone delegated to you (either as a class-C delegation or a partial one through RFC2317) ?
How?
He told, that it is possible to delegate each single IP address.
That would mean you could (howsoever ugly) go around the arpa authoritative nameserver for the class-C subnet --
No, you cannot, noone would ask your server. Well, but you *can* insert faked data without any problems, but you'd need some poisioning to spread it. Or if you have control over some forwarders, you can put the zones here, and the forwarder would sent "your" responses.
which would be certainly security related in my version of the DNS bible.
DNS is not made for security! oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (4)
-
Michael Zimmermann
-
Reckhard, Tobias
-
Rob Bourne
-
Steffen Dettmer