This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Mon, 4 Jun 2001 19:21:32 -0700 (PDT)
From: "Dagmar d'Surreal" <dagmar@dsurreal.org>
To: "David E. Fox" <dfox@m206-157.dsl.tsoft.com>
Subject: Re: [svlug] fetchmail

On Mon, 4 Jun 2001, David E. Fox wrote:

> > Odds are nameservice for localhost is not working. Check /etc/hosts
> > and /etc/nsswitch.conf (make sure files is early in the resolve order).
>
> I thought localhost was always synonymous with 127.0.0.1, by definition,
> regardless of its presence (or absence) in /etc/hosts. I realize it's
> a good thing to include 127.0.0.1 / localhost in /etc/hosts, but I
> would think the translation would be unnecessary, and no name service
> would need to exist. (Aside: the IP infrastructure always returns
> 127.0.0.1 for bogus sites such as "ftp.warez.org" ; where is this done? Is
> there really a 'nameservice' as such for the special address 127.0.0.1, in
> other words? I note that I did not put in the alias in /etc/hosts for
> ftp.warez.org.)

Well, we can make the definition in the usual way (/etc/hosts) or we can
add all kindsa happy kludges to the system resolver to make it permanent.
Personally, I'd rather not implement kludges any more often than I
absolutely have to.

Using 127.0.0.1 as a polite way of saying "No we don't do that here" is
pretty common actually, since it's always a giggle to give people a
hostname that resolves to that as an FTP server. There are occasionally
newbies around who will actually try exploits against such hosts and
succeed. :) It's also fun to encourage these people to trash the sites
once they break in. =) All you have to do is define the host with that
IP in your zone files. I think I've personally got both warez and pr0n
listed in my zone files, as well as "you.have.found.the.pretty.princess"
and some other throwbacks from when I would leave my zone files open for
people to download at will.

About the only thing further worth mentioning about 127.0.0.1 is that it
is often useful to put a 0.0.127.in-addr.arpa zone into nameservers where
one might use nslookup from the machine itself. If 127.0.0.1 is listed
as your resolver in your /etc/resolv.conf, nslookup will pitch a fit and
error out if it can't look up the name of the resolver it's querying
(i.e., 127.0.0.1). With that and a localhost entry in your primary zone
you can get around problems with some broken resolver libraries common to
non-Unix operating systems. ;)

===

Date: Wed, 6 Jun 2001 10:19:47 -0700
To: svlug@svlug.org
Subject: Re: [svlug] cnet talking smack...
From: Rick Moen <rick@linuxmafia.com>

I assume Jose _meant_ to ask this on-list.

begin Jose Sanchez quotation:

> Hi Rick, what does this do?

In combination with an entry in /etc/bind/named.conf, as follows...

    #doubleclick.net must die
    zone "doubleclick.net" {
            type master;
            file "/etc/bind/doubleclick.net.zone";
    };

...it makes my nameserver purport to give authoritative nameservice
results for any hostname of the form *.doubleclick.net, where the result
it returns is null. Thus, any machine that uses my nameserver will not
see Doubleclick ad banners at all, nor cooperate in their efforts to spy
on users' browsing habits. It was Don Marti's idea. See:
http://zgp.org/~dmarti/

This is a more systematic approach than the common remedy of manually
adding ad-banner hostnames to /etc/hosts, resolving to 127.0.0.0/8 IP
addresses, for at least three reasons:

(1) You can never keep up with all the myriad variations of hostname
    foo in foo.evilcompany.com domains.
(2) Many ad-banner sites are linked by IP addresses, rather than
    hostnames.
(3) A nameserver solution as opposed to a static host-file solution
    means you can benefit other hosts that elect to use your nameserver,
    instead of just one machine.

Given the reliable kook quotient in every crowd, some will inevitably
object that this approach somehow constitutes "censorship".
They're welcome to use different nameservers, or run their own.

(The above syntax is for BIND v. 8.x/9.x. I've linked all known
open-source nameserver packages, including some suitable for
workstations, at the bottom of http://linuxmafia.com/~rick/faq/#djb .)

===

Date: Wed, 6 Jun 2001 16:46:27 -0700
From: Don Marti <dmarti@zgp.org>
To: svlug@svlug.org
Subject: Re: [svlug] cnet talking smack...

begin Rick Moen quotation of Wed, Jun 06, 2001 at 10:19:47AM -0700:

> Thus, any machine that uses my nameserver will not see Doubleclick ad
> banners at all, nor cooperate in their efforts to spy on users' browsing
> habits. It was Don Marti's idea. See: http://zgp.org/~dmarti/

More info at: http://zgp.org/rbhl/frg/
and http://zgp.org/linux-elitists/20000425153640.C30737@humulus.zgp.org.html

For ultimate ease of use, there's also a very privacy-licious,
proxy-free, no-DNS-tweaking-required technique at:
http://www.schooner.com/~loverso/no-ads/

--
Don Marti               "I've never sent or received a GIF in my life."
http://zgp.org/~dmarti     -- Bruce Schneier, Secrets and Lies, p. 246.
dmarti@zgp.org          Free the Web, burn all GIFs: http://burnallgifs.org/

===

Date: Thu, 7 Jun 2001 00:47:02 -0700
To: svlug@svlug.org
Cc: Don Marti <dmarti@zgp.org>
Subject: Re: [svlug] cnet talking smack...
From: Rick Moen <rick@linuxmafia.com>

begin Don Marti Uses GIFs on the Sly quotation:

> For ultimate ease of use, there's also a very privacy-licious,
> proxy-free, no-DNS-tweaking-required technique at:
> http://www.schooner.com/~loverso/no-ads/

Oh, now _that_ is really sweet. It gets around the problem with proxies
that basically only the root user can adjust them, and with uniform
system-wide effects. And the implementation is elegant.

===
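
Added example, not part of the original thread or any poster's code: a Python model of the nameserver-level blocking Rick Moen describes above for doubleclick.net, showing why one master zone covers hostnames that a per-host /etc/hosts list misses. The thread shows only the named.conf stanza; the zone file body (SOA and NS only), the ns.example.invalid name, the function names and the sample hostnames are assumptions.

```python
# Added example: hosts-file blocking vs. an authoritative "blackhole" zone.
# Hostnames are constructed samples; ns.example.invalid is a placeholder.

def normalise(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.lower().rstrip(".")

def hosts_blocks(name, hosts_names):
    """/etc/hosts only matches hostnames that are listed verbatim."""
    return normalise(name) in {normalise(h) for h in hosts_names}

def zone_blocks(name, zones):
    """A master zone answers for its apex and every name beneath it.

    Matching is per label, so "notdoubleclick.net" is not inside
    "doubleclick.net".
    """
    labels = normalise(name).split(".")
    owned = {normalise(z) for z in zones}
    return any(".".join(labels[i:]) in owned for i in range(len(labels)))

def named_conf_stanza(domain, zone_dir="/etc/bind"):
    """Render a stanza in the form quoted in the post."""
    return ('zone "{d}" {{\n'
            '\ttype master;\n'
            '\tfile "{dir}/{d}.zone";\n'
            '}};\n').format(d=normalise(domain), dir=zone_dir)

def empty_zone(ns="ns.example.invalid.", serial=2001060601):
    """Assumed zone file body: SOA and NS only, no address records."""
    return ("$TTL 86400\n"
            "@ IN SOA {ns} hostmaster.{ns} ( {s} 3600 900 604800 86400 )\n"
            "@ IN NS  {ns}\n").format(ns=ns, s=serial)

def coverage(queries, hosts_names, zones):
    """Return {query: (blocked_by_hosts, blocked_by_zone)}."""
    return {q: (hosts_blocks(q, hosts_names), zone_blocks(q, zones))
            for q in queries}

if __name__ == "__main__":
    queries = ["ad.doubleclick.net", "ad.uk.doubleclick.net",
               "doubleclick.net", "notdoubleclick.net", "example.org"]
    print(named_conf_stanza("doubleclick.net"))
    print(empty_zone())
    for q, (h, z) in coverage(queries, ["ad.doubleclick.net"],
                              ["doubleclick.net"]).items():
        print("%-24s hosts=%-5s zone=%s" % (q, h, z))
```
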