Re: hosts.allow does not resolve names

On Tue, 27 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <slrnfkngs1.cog.BitTwister@xxxxxxxxxxxxxxx>, Bit Twister wrote:

> hosts.allow does not work with network names.

OPINION: I don't like to use hostnames, as they are subject to spoofing.
IP addresses are harder to spoof. Yes, in this case, it shouldn't be
a major concern, but I go for blanket solutions.

> Would some kind soul tell me why it does not work?

> /etc/hosts.allow fails with
> ALL: .home.invalid
> but ALL: 192.168.1.0/255.255.255.0 works.

OK - syntax looks correct. No errant space or anything?

> hostname --domain
> home.invalid

> $ grep hosts: /etc/nsswitch.conf
> hosts: files dns

> $ cat /etc/host.conf
> order hosts,bind
> multi on
> nospoof on
> spoofalert on

If you drop the last two, does it work?

> $ head -4 /etc/hosts

OK. Assumption is no other lines containing those IP addresses.

> Not running named/bind, NIS, YP, avahi*, tmdns

If you do a 'strings /path/to/tcpd | grep host' you will see that it's
using the standard 'gethostbyaddr' and 'gethostbyname' library calls, so
if you can 'ping -c 1 m2008.home.invalid' then tcpd _should_ work. You
may want to up the log level, because this same 'strings' command shows

can't verify hostname: gethostbyname(%s) failed

as one of the error messages. In your followup, you show tcpd logging
the full name, so I _believe_ it is resolving the name (otherwise, it
would be logging the IP), or am I misinterpreting your mail snip?

> Tried tcpdchk but Mandriva runs xinetd instead of inetd so it fails.

That's a problem. Wietse Venema hasn't been maintaining the application
for many years (7.6 is from March 1997), while xinetd was introduced in
late 2000. You might try an 'strace' of xinetd but that sounds kind of
messy.

Old guy
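As an added illustration (not part of the thread, and not tcp_wrappers' own code), the following Python models the two checks the reply describes: tcpd's reverse lookup followed by a forward lookup of the returned name (the check that 'nospoof' style options enforce), and the hosts.allow client patterns '.home.invalid' and '192.168.1.0/255.255.255.0'. It uses a constructed in-memory resolver in place of gethostbyaddr()/gethostbyname(), so it runs offline; the hostnames, addresses and rules are made up for the example.

```python
import ipaddress

# Constructed stand-in for gethostbyaddr()/gethostbyname() results, not real DNS data.
# 192.168.1.99 carries a forged PTR naming a trusted host, but that name does not map back.
REVERSE = {"192.168.1.20": "m2008.home.invalid",
           "192.168.1.99": "m2008.home.invalid"}
FORWARD = {"m2008.home.invalid": {"192.168.1.20"}}

def client_hostname(ip, reverse=REVERSE, forward=FORWARD):
    """Mimic tcpd: reverse-map the address, then require the name to map back to it."""
    name = reverse.get(ip)
    if name is None:
        return "unknown"        # gethostbyaddr() failed: no name to match against
    if ip not in forward.get(name, set()):
        return "paranoid"       # gethostbyname(name) did not return ip: treat as spoofed
    return name.lower()

def match_client(pattern, ip, hostname):
    """Client patterns from hosts_access(5): ALL, KNOWN, .domain, net., net/mask, literal."""
    pattern = pattern.lower()
    if pattern == "all":
        return True
    if pattern == "known":
        return hostname not in ("unknown", "paranoid")
    if pattern.startswith("."):     # ".home.invalid" matches m2008.home.invalid
        return hostname.endswith(pattern)
    if pattern.endswith("."):       # "192.168.1." matches any 192.168.1.x address
        return ip.startswith(pattern)
    if "/" in pattern:              # "192.168.1.0/255.255.255.0" style net/mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, hostname)

def hosts_allow(rules, daemon, ip, reverse=REVERSE, forward=FORWARD):
    """Return the first hosts.allow line (daemon_list : client_list) admitting ip, else None."""
    hostname = client_hostname(ip, reverse, forward)
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (field.strip() for field in line.split(":", 1))
        dlist = daemons.lower().replace(",", " ").split()
        if "all" not in dlist and daemon.lower() not in dlist:
            continue
        if any(match_client(p, ip, hostname) for p in clients.replace(",", " ").split()):
            return line
    return None

if __name__ == "__main__":
    RULES = "ALL: .home.invalid\nsshd: 192.168.1.0/255.255.255.0\n"
    for ip in ("192.168.1.20", "192.168.1.99"):
        print(ip, client_hostname(ip), hosts_allow(RULES, "sshd", ip))
```

The forged-PTR client is never admitted by the name rule but still matches the net/mask rule, which is the behaviour difference the original poster reported and the reason the reply prefers address-based rules.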