Re: tcp.invited_nodes

From: Mladen Gogala <no_at_email.here.invalid>
Date: Tue, 29 Jun 2010 20:42:38 +0000 (UTC)
Message-ID: <pan.2010.06.29.20.42.36_at_email.here.invalid>



On Tue, 29 Jun 2010 21:18:16 +0200, Frank van Bortel wrote:

> On 06/29/2010 08:39 PM, ddf wrote:
>
>> On Jun 29, 2:01 pm, Chuck <chuckh1958_nos..._at_gmail.com> wrote:
>>> When using this parameter in sqlnet.ora, and specifying host names,
>>> are there any checks performed to see if a hostname has been spoofed?
>>> Perhaps comparing the client's IP with a DNS lookup of the host name?
>>
>> No.  The list is used 'as-is' without any verification via DNS lookup.
>>
>>
>> David Fitzjarrell
>
> Not quite, David.
>
> I cannot recall what exactly was the matter, but I have had one instance
> where the listener would not start because one of the clients mentioned
> no longer existed.
> Not sure if it was a DNS lookup to find the IP-address, or the reverse
> (and the IP-address (DHCP!) was no longer available).
>
> Quite horrible if that's a production system, because you will have to
> go through each and every name (in case of DHCP clients) or IP-address
> (servers)

Based on my experience, it's far easier to block the undesired clients by using the firewall rules than by using validnode checking. This feature is useless.

-- 
http://mgogala.byethost5.com
Received on Tue Jun 29 2010 - 15:42:38 CDT
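
The failure mode Frank van Bortel recalls above (a host name in tcp.invited_nodes that no longer resolves) can be checked for before a listener restart. The following is an added example, not part of the original thread and not Oracle code: it assumes the list is written as comma-separated entries in parentheses, and the sample file, host names and the `sample_resolver` lookup table are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample sqlnet.ora; host names and addresses are made up.
SAMPLE_SQLNET_ORA = """\
# access control for the listener
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (appsrv1.example.com, 192.0.2.15,
                     oldclient.example.com)  # retired DHCP client
"""

# Constructed stand-in for DNS so the example runs offline.
SAMPLE_DNS = {"appsrv1.example.com": "192.0.2.10"}

def sample_resolver(name):
    try:
        return SAMPLE_DNS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "name not known") from None

def invited_nodes(text):
    """Return the entries of TCP.INVITED_NODES found in sqlnet.ora text."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    m = re.search(r"^\s*tcp\.invited_nodes\s*=\s*\(([^)]*)\)", text, re.I | re.M)
    return [e.strip() for e in m.group(1).split(",") if e.strip()] if m else []

def is_ip_literal(entry):
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False

def check_nodes(text, resolve=socket.gethostbyname):
    """Classify each entry as 'ip', 'resolves:<addr>' or 'UNRESOLVED'."""
    report = {}
    for entry in invited_nodes(text):
        if is_ip_literal(entry):
            report[entry] = "ip"
            continue
        try:
            report[entry] = "resolves:" + resolve(entry)
        except OSError:  # socket.gaierror is a subclass of OSError
            report[entry] = "UNRESOLVED"
    return report

if __name__ == "__main__":
    for node, status in check_nodes(SAMPLE_SQLNET_ORA, sample_resolver).items():
        print(f"{node:28} {status}")
```

Calling `check_nodes(text)` without the second argument uses the host's real resolver instead of the constructed table.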
