In message <003d01c8c052$7e13feb0$7a3bfc10$@email@example.com> on 05/28/08(08:36:24)
you "David Wang" <firstname.lastname@example.org> wrote:
|As for parameter RES_VRFY="", normally where should I add it to? Command
|line like the below or config file?
|/home/delegate/dgroot/bin/delegated -P443 SERVER=https RES_VRFY=""
|Also I checked the manual, it says this parameter default is none, what does
|it mean "none"? Does it mean by default reverse DNS lookup verification is
|enabled? So we need to disable it via RES_VRFY=""?
No, it is disabled by default.
The value of the RES_VRFY is not yet defined (I think maybe I thought it
should be a list of addresses to be verified) so just the existence of
RES_VRFY= indicates enabling the verification.
On 05/13/08(13:06) I wrote in <_A3975@delegate-en.ML_>
|In this case, the parameter RES_VRFY="" should be added to verify the
|reverse resolution to avoid spoofing by DNS for "http.clients" domain.
When you use host-names or domain-names of clients for access control, it
should be verifyed by DeleGate because it can be easily spoofed by the
DNS server at client side.
9 9 Yutaka Sato <email@example.com> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller