Stephen Harris <lists@...> writes:

>
> On Sun, Apr 13, 2014 at 02:06:42PM +0000, David G. Miller wrote:
>
> > Be aware that the actual "owner" of the dynamic IP address is still
> > authoritative for reverse look ups. This means that some uses of a system
> > with a dynamic IP address are problematic (e.g., mail server) since the
> > reverse look up fails. Other uses (sshd) in theory work but folks have to
>
> Not necessarily fail. e.g. I do my own dynamic DNS so that "xxx.my.domain"
> has an A record to my home. But if I do an rDNS for that IP then it
> returns a verizon.net record. However this is not a problem as long as
> a forward lookup for that name returns an A record which matches.
>
<SNIP>

Interesting. I had to have my ISP add a C record to their DNS for my fixed IP
address before most of my e-mails were accepted. I recently also had to add an
SPF (sender policy framework) record on my DNS to get my e-mails accepted by
gmail. You could try to manage the SPF record the same way you do other dynamic
IP address records but there was a couple of days' lag before gmail accepted it
when I put it in place.

> ssh client should manage that for you automatically. It'll know you're
> connecting to "xxx.my.domain" and the host key will match and it should
> automatically add a new record to known_hosts for the IP address. (Or
> you can configure ssh_config to not care).
>

Absolutely correct but then you lose the IP checking for a man in the middle
attack. This wouldn't be that bad on a fixed IP address but would seem to be a
lot riskier on a dynamic IP address.

Cheers,
Dave

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
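
The forward-confirmed reverse DNS check discussed in the thread (a reverse lookup is acceptable when a forward lookup of the returned name gives the same address), as an added example that is not part of the original messages. The host names, documentation addresses and the injectable lookup helpers are constructed for illustration so the check runs offline.

```python
import ipaddress
import socket

# Constructed sample data (documentation addresses, hypothetical names).
PTR = {
    "203.0.113.7": ["pool-203-0-113-7.isp.example."],  # ISP owns the reverse zone
    "203.0.113.8": ["mail.claimed.example."],          # PTR claims a name...
}
FWD = {
    "home.dyn.example": ["203.0.113.7"],               # owner's dynamic A record
    "pool-203-0-113-7.isp.example.": ["203.0.113.7"],  # ISP name resolves back
    "mail.claimed.example.": ["198.51.100.25"],        # ...that resolves elsewhere
}

def table_lookup(table):
    """Offline resolver over a dict, used for the constructed data."""
    return lambda key: table.get(key, [])

def system_ptr(ip):
    """PTR names for ip from the system resolver, [] when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR names of ip whose forward lookup includes ip."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        addrs = set()
        for text in forward_lookup(name):
            try:
                addrs.add(ipaddress.ip_address(text))
            except ValueError:  # unparsable address text; skip it
                continue
        if target in addrs:
            confirmed.append(name.rstrip(".").lower())
    return confirmed

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(ip, fcrdns(ip, table_lookup(PTR), table_lookup(FWD)) or "FAIL")
```

The first address passes on the ISP-assigned name even though the owner's own dynamic name never appears in the reverse zone; the other two fail because the forward record disagrees or no PTR exists.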