Re: Is there any point to full host names in /etc/hosts ?



Moe Trin wrote:
On Wed, 07 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <473236ae$0$3209$8404b019@xxxxxxxxxxxxxxx>, David Brown wrote:

Moe Trin wrote:

At least that's what it says on the man page I have ;-)
I don't know how I missed that before, but the option is in my man
page now!

I just grabbed the page off the 'net, as it's not installed on any of
the systems here. The source appears to be
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html.

As far as I can see, the -H option works like a file full of -A lines, and is thus more convenient for me.

That's one way to do it. Our DNS servers are updated via a dumb script
that uses a file very much like the hosts file as a source, but it also
creates the separate forward and reverse zones, and then kicks the
primary name server to update things. We don't have external IPs in
the zone files as we aren't authoritative for them.

Well, you could always set up a local proxy server (and block
outbound access to port 80 from all but that server) and configure
it to abuse the users who try to connect using IE... but you may not
win many friends by doing so ;-)
I intend to set up a proxy server sometime (I'm going to test out
squid with clamd virus scanning, at least for web-based email sites
which bypass the normal email scanner).

Why do you need web-based email sites? Doesn't your company run its
own mail system? Here, both Security and HR would be going ballistic
if our users even tried accessing those sites, never mind attempting
to do business through them. Company policy prohibits personal use of
computers or network, which is why we've got "Employee Association"
owned computers in the break areas and they're on a separate network
completely isolated from the company.


You are in a much bigger company than ours, and with much stricter rules. There's always a certain amount of tradeoff between security and functionality and flexibility (the most secure computers have no network access of any kind, for example) - the trick is getting the maximum realistic security while still providing the functionality and flexibility you want for the users. Given the size of our company, and the openness and freedom we like to have, together with the technical abilities of the users (they are at least fairly competent, and have no problem following rules and guidelines), we have a rather different view. People are free to use browsers as they want, as long as they are responsible. Using non-IE browsers means they have to work harder to get malware onto their machines - having a virus scanner in the path would make it even harder.

I'll log access by IE rather than block it (as the IT man, I have few
enough friends...)

You have friends... Wow. ;-) Seriously, I'm lucky here as
we don't use windoze at this facility - it's limited mainly to the
corporate and the regional sales offices which are on different subnets
thankfully. We also don't allow visiting computers. That eliminates a
lot of network problems.


We have a wireless network for visiting computers, or other "unsafe" machines (such as laptops that may be used off-site).

Old guy
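
The thread mentions a script that turns a hosts-style file into separate forward and reverse zones while leaving out external IPs. A sketch of that idea follows as an added example; it is not either poster's script. The function names, the `example.lan` domain, the per-/24 reverse zone split and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in /etc/hosts layout (RFC 5737 documentation addresses).
SAMPLE_HOSTS = """\
# address      canonical name      aliases
127.0.0.1      localhost
192.0.2.10     gw.example.lan      gw
192.0.2.25     mail.example.lan    mail smtp
198.51.100.7   partner.example.net # external: not ours to serve
"""

def parse_hosts(text):
    """Yield (IPv4Address, [names]) per usable line; comments are dropped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            yield ipaddress.IPv4Address(fields[0]), fields[1:]
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed address: out of scope here

def build_zones(text, domain, authoritative):
    """Return (forward_records, {reverse_zone: [PTR records]}), keeping only
    addresses inside the `authoritative` networks (external hosts are dropped)."""
    suffix = "." + domain
    nets = [ipaddress.ip_network(n) for n in authoritative]
    forward, reverse = [], defaultdict(list)
    for addr, names in parse_hosts(text):
        if not any(addr in net for net in nets):
            continue
        fqdn = names[0] if names[0].endswith(suffix) else names[0] + suffix
        label = fqdn[: -len(suffix)]
        forward.append(f"{label}\tIN\tA\t{addr}")
        for alias in names[1:]:
            if alias not in (label, fqdn):
                forward.append(f"{alias}\tIN\tCNAME\t{label}")
        # reverse_pointer is e.g. "10.2.0.192.in-addr.arpa"; split per /24 zone.
        host, zone = addr.reverse_pointer.split(".", 1)
        reverse[zone].append(f"{host}\tIN\tPTR\t{fqdn}.")
    return forward, dict(reverse)

if __name__ == "__main__":
    fwd, rev = build_zones(SAMPLE_HOSTS, "example.lan", ["192.0.2.0/24"])
    print("\n".join(fwd))
    for zone, records in rev.items():
        print(f"; {zone}\n" + "\n".join(records))
```

The loopback entry and the external host fall outside the listed network, so neither appears in the forward or the reverse output.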