Article delegate-en/3996 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3987@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegated reload very slow most of time.
09 Jun 2008 07:49:08 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <003d01c8c052$7e13feb0$7a3bfc10$@wang@firstwave.com.au> on 05/28/08(08:36:24)
you "David Wang" <pomhqbdyi-e6yerofurylr.ml@ml.delegate.org> wrote:
 |As for parameter RES_VRFY="", normally where should I add it to? Command
 |line like the below or config file?
 |/home/delegate/dgroot/bin/delegated -P443 SERVER=https RES_VRFY=""
 |+=/home/delegated/dgroot/etc/delegate_https.cfg
 |Also I checked the manual, it says this parameter default is none, what does
 |it mean "none"? Does it mean by default reverse DNS lookup verification is
 |enabled? So we need to disable it via RES_VRFY=""?

No, it is disabled by default.

The value of the RES_VRFY is not yet defined (I think maybe I thought it
should be a list of addresses to be verified) so just the existence of
RES_VRFY= indicates enabling the verification.

On 05/13/08(13:06) I wrote in <_A3975@delegate-en.ML_>
 |In this case, the parameter RES_VRFY="" should be added to verify the
 |reverse resolution to avoid spoofing by DNS for "http.clients" domain.

When you use host-names or domain-names of clients for access control, it
should be verifyed by DeleGate because it can be easily spoofed by the
DNS server at client side.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V