svlug_cute_zonefile_tricks

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Date: Mon, 4 Jun 2001 19:21:32 -0700 (PDT)
From: "Dagmar d'Surreal" <dagmar@dsurreal.org>
To: "David E. Fox" <dfox@m206-157.dsl.tsoft.com>
Subject: Re: [svlug] fetchmail

On Mon, 4 Jun 2001, David E. Fox wrote:

> > Odds are nameservice for localhost is not working.  Check /etc/hosts
> > and /etc/nsswitch.conf (make sure files is early in the resolve order).
> 
> I thought localhost was always synonymous with 127.0.0.1, by definition,
> regardless of its presence (or absence) in /etc/hosts. I realize it's
> a good thing to include 127.0.0.1 / localhost in /etc/hosts, but I
> would think the translation would be unnecessary, and no name service
> would need to exist. (Aside: the IP infrastructure always returns
> 127.0.0.1 for bogus sites such as "ftp.warez.org" ; where is this done? Is
> there really a 'nameservice' as such for the special address 127.0.0.1, in
> other words? I note that I did not put in the alias in /etc/hosts for
> ftp.warez.org.)

Well, we can make the definition in the usual way (/etc/hosts) or we can
add all kindsa happy kludges to the system resolver to make it
permanent.  Personally, I'd rather not implement kludges any more often
than I absolutely have to.

Using 127.0.0.1 as a polite way of saying "No we don't do that here" is
pretty common actually, since it's always a giggle to give people a
hostname that resolves to that as an FTP server.  There are occasionally
newbies around who will actually try exploits against such hosts and
succeed.  :)  It's also fun to encourage these people to trash the sites
once they break in.  =)  All you have to do is define the host with that
IP in your zone files.  I think I've personally got both warez and pr0n
listed in my zone files, as well as
"you.have.found.the.pretty.princess" and some other throwbacks from when I
would leave my zone files open for people to download at will.

About the only thing further worth mentioning about 127.0.0.1 is that it
is often useful to put a 0.0.127.in-addr.arpa zone into nameservers where
one might use nslookup from the machine itself.  If 127.0.0.1 is
listed as your resolver in your /etc/resolv.conf, nslookup will pitch a
fit and error out if it can't look up the name of the resolver it's
querying (i.e., 127.0.0.1).  With that and a localhost entry in your
primary zone you can get around problems with some broken resolver
libraries common to non-Unix operating systems.  ;)
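The two pieces recommended above, a named.conf stanza for the 0.0.127.in-addr.arpa zone and the zone file it points to, written out as an added example (this is not from the original message or from any poster). The file path /etc/bind/db.127 and the root.localhost. contact address are assumptions, and the serial is constructed.

```dns
// /etc/bind/named.conf (assumed path): reverse zone for the loopback net,
// so a resolver listed as 127.0.0.1 in /etc/resolv.conf can name itself
zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";        // assumed file name
};

; /etc/bind/db.127: the zone file named above (added example)
$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        2001060401      ; serial (constructed)
                        3600            ; refresh
                        900             ; retry
                        604800          ; expire
                        86400 )         ; negative-cache TTL
        IN      NS      localhost.
1       IN      PTR     localhost.      ; 1.0.0.127.in-addr.arpa -> localhost.
```

Pair this with a `localhost IN A 127.0.0.1` record in the forward zone, as the message says. With BIND 9, `named-checkzone 0.0.127.in-addr.arpa /etc/bind/db.127` validates the file before a reload, and `dig @127.0.0.1 -x 127.0.0.1` afterwards should answer with the PTR record above.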


===

Date: Wed, 6 Jun 2001 10:19:47 -0700
To: svlug@svlug.org
Subject: Re: [svlug] cnet talking smack...
From: Rick Moen <rick@linuxmafia.com>

I assume Jose _meant_ to ask this on-list.

begin Jose Sanchez quotation:
> Hi Rick, what does this do?

In combination with an entry in /etc/bind/named.conf, as follows...

#doubleclick.net must die
zone "doubleclick.net" {
        type master;
        file "/etc/bind/doubleclick.net.zone";
};

...it makes my nameserver purport to give authoritative nameservice
results for any hostname of the form *.doubleclick.net, where the result
it returns is null.

Thus, any machine that uses my nameserver will not see Doubleclick ad
banners at all, nor cooperate in their efforts to spy on users' browsing  
habits.  It was Don Marti's idea.  See:  http://zgp.org/~dmarti/

This is a more systematic approach than the common remedy of manually
adding ad-banner hostnames to /etc/hosts, resolving to 127.0.0.0/8 IP
addresses, for at least three reasons:  (1) You can never keep up with
all the myriad variations of hostname foo in foo.evilcompany.com
domains.  (2) Many ad-banner sites are linked by IP addresses, rather
than hostnames.  (3) A nameserver solution as opposed to a static
host-file solution means you can benefit other hosts that elect to use
your nameserver, instead of just one machine.

Given the reliable kook quotient in every crowd, some will inevitably
object that this approach somehow constitutes "censorship".  They're
welcome to use different nameservers, or run their own.

(The above syntax is for BIND v. 8.x/9.x.  I've linked all known
open-source nameserver packages, including some suitable for
workstations, at the bottom of http://linuxmafia.com/~rick/faq/#djb .)
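The zone file that the named.conf stanza references is not shown in the message. The following is an added example of one that produces the effect described, not Rick's actual file. The nameserver name ns.example.invalid., the hostmaster address and the serial are constructed placeholders.

```dns
; /etc/bind/doubleclick.net.zone: referenced by the named.conf stanza above
; (added example; ns.example.invalid. and the serial are constructed placeholders)
$TTL 86400
@       IN      SOA     ns.example.invalid. hostmaster.example.invalid. (
                        2001060601      ; serial (constructed)
                        3600            ; refresh
                        900             ; retry
                        604800          ; expire
                        86400 )         ; negative-cache TTL
        IN      NS      ns.example.invalid.
; With no further records, every name under doubleclick.net gets an
; authoritative NXDOMAIN from this server, which is the "null" result
; described in the message.  To mimic the /etc/hosts trick instead,
; uncomment the wildcard so every name under the domain resolves to loopback:
; *     IN      A       127.0.0.1
```

With BIND 9, `named-checkzone doubleclick.net /etc/bind/doubleclick.net.zone` validates the file, and after a reload `dig @127.0.0.1 ad.doubleclick.net A` should return status NXDOMAIN (or 127.0.0.1 if the wildcard is enabled). Because the zone is served as authoritative, the override applies to every client of the nameserver, which is point (3) above.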

===

Date: Wed, 6 Jun 2001 16:46:27 -0700
From: Don Marti <dmarti@zgp.org>
To: svlug@svlug.org
Subject: Re: [svlug] cnet talking smack...

begin  Rick Moen quotation of Wed, Jun 06, 2001 at 10:19:47AM -0700:

> Thus, any machine that uses my nameserver will not see Doubleclick ad
> banners at all, nor cooperate in their efforts to spy on users' browsing  
> habits.  It was Don Marti's idea.  See:  http://zgp.org/~dmarti/

More info at:

http://zgp.org/rbhl/frg/
and
http://zgp.org/linux-elitists/20000425153640.C30737@humulus.zgp.org.html

For ultimate ease of use, there's also a very privacy-licious,
proxy-free, no-DNS-tweaking-required technique at:
http://www.schooner.com/~loverso/no-ads/

-- 
Don Marti              "I've never sent or received a GIF in my life."
http://zgp.org/~dmarti    -- Bruce Schneier, Secrets and Lies, p. 246.
dmarti@zgp.org    Free the Web, burn all GIFs: http://burnallgifs.org/



===

Date: Thu, 7 Jun 2001 00:47:02 -0700
To: svlug@svlug.org
Cc: Don Marti <dmarti@zgp.org>
Subject: Re: [svlug] cnet talking smack...
From: Rick Moen <rick@linuxmafia.com>

begin Don Marti Uses GIFs on the Sly quotation:
 
> For ultimate ease of use, there's also a very privacy-licious,
> proxy-free, no-DNS-tweaking-required technique at:
> http://www.schooner.com/~loverso/no-ads/

Oh, now _that_ is really sweet.  It gets around the problem with proxies
that basically only the root user can adjust them, and with uniform
system-wide effects.  And the implementation is elegant.

===

doom@kzsu.stanford.edu