Control: forwarded -1 https://github.com/munin-monitoring/munin/issues/1175 Control: tags -1 +fixed-upstream
Hello, On Sat, 11 Feb 2012 10:40:28 +0100 Petter Reinholdtsen <p...@hungry.com> wrote: > Well, unless you can show me an example munin-node.conf file setting the > reverse_lookups argument to Net::Server, I believe you are wrong. I > find no trace of any code in munin-node allowing the user to set this > argument for Net::Server. This make me convinced this issue need to be > solved in munin-node, not Net::Server. Yes, indeed the "reverse_lookups" argument is not passed to Net::Server at the moment. > One way to solve it would be to use the allow_deny_hook mechanism > provided by Net::Server to look up connecting hosts using innetgr. > Another and less flexible way would be to make it possible to set the > reverse_lookups argument to Net::Server. Allowing "reverse_lookups" is the easiest way forward. But sadly Net::Server exposes two problems at the moment: * CPAN #129377 [1]: no reverse DNS resolution if munin-node is bound to an IPv6 socket (applicable for most hosts) * CPAN #83909 [2] / Debian #702914 [3]: the reverse DNS name is not verified (it can easily be spoofed by anyone) We just included the "reverse_lookups" setting upstream in commit 574d102b32 (to be released as 2.0.48). This should fix this issue as far as munin is converned. But the two issues with Net::Server remain open. Cheers, Lars [1] https://rt.cpan.org/Ticket/Display.html?id=129377 [2] https://rt.cpan.org/Public/Bug/Display.html?id=83909 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702914 [4] https://github.com/munin-monitoring/munin/commit/574d102b322b23da72e687c7cbe130d28f8fa8e2