Outdated DNS and syslog
Aaron Schultz (hey_you@POWERTRIP.NET)
Fri, 07 Nov 1997 11:25:58 -0800
Many large ISPs such as iadfw.net are still pointing their nameservers at
cache servers that apparently are pointed at other cache servers and so
on. If you are one of the people doing this you are in danger of not
being able to correctly identify and go after anyone who may attempt to
hack your system. Besides being a DNS issue this is a syslog issue since
most versions of syslog auto-lookup domain information and log that
instead of the IP. I believe that there are probably patches for syslog
to log both IP and DNS lookups or just the IP, but the other solution is
going to a root DNS server for lookups - this way your data in your syslog
will be updated with who is REALLY connecting to your system instead of
outdated cache data. Perhaps the syslog deal isn't a true bug, but it is
definitely something that should be thought about since most
administrators depend on those log files to see who is attempting to
connect.
=================================================================
Aaron Schultz - hey_you@powertrip.net - www.powertrip.net/~master
In a world without fences, who needs Gates?
=================================================================
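
Added example, not part of the original post and not code from any syslog implementation: one way to build the log field the post asks for, with the connecting IP always recorded and the looked-up name kept only as an annotation. It goes one step beyond the post by also checking that the name resolves back to the same IP; the function name peer_field and all sample addresses and hostnames are constructed for illustration.

```python
import socket

def _ptr(ip):
    """Reverse lookup via the system resolver; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _addrs(name):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def peer_field(ip, reverse=_ptr, forward=_addrs):
    """Build the peer field for a log line.

    The IP taken from the socket is always written first, because it is the
    only value that does not depend on DNS. The PTR name is added as an
    annotation and marked by whether a forward lookup maps back to the IP.
    """
    name = reverse(ip)
    if name is None:
        return f"{ip} (no-ptr)"
    # The name is remote-supplied data: keep only hostname characters so a
    # malformed PTR cannot add newlines or extra fields to the log line.
    safe = "".join(c for c in name if c.isalnum() or c in "-._")[:255]
    status = "confirmed" if ip in forward(name) else "UNCONFIRMED"
    return f"{ip} ({safe} {status})"

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges) so the demo
    # runs offline; drop the two extra arguments to use the real resolver.
    ptr = {"192.0.2.10": "dialup-10.isp.example",
           "198.51.100.7": "old-name.isp.example"}   # stale cached answer
    a = {"dialup-10.isp.example": {"192.0.2.10"},
         "old-name.isp.example": {"203.0.113.5"}}    # name now points elsewhere
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print("connect from", peer_field(ip, ptr.get, lambda n: a.get(n, set())))
```
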