Fair enough.
I agree mimmic-ing the behaviour of another program just because it is
"correct" in that context is not really exemplary of good practice. But
in the context of those examples, it's valid.
Point being I guess that if one were interoperating with these or other
similar systems, having a dichotomy in the way hostnames resolve like
that can be confusing and even dangerous (if you have humans running it ;).
I actually don't have a strong opinion either way, unless there came a
point when at a system-level cfengine and other software required
different levels of DNS granularity. The "other" software occasionally
does have a system-level requirement already.
/eli
Mark Burgess wrote:
I disagree with them.
On Mon, 2005-11-07 at 10:09 -0800, Eli Stair wrote:
I'm not the expert on this (as I haven't READ the relevant RFC's), but
for instance when running Kerberos and Oracle (and probably other auth
software as well) the best practice (and it's been stated RFC-compliant
method) is to return FQDN for hostname lookups.
Not doing so will result in improper/non-functional Kerberos with
tickets not applying to a host or service (been there). Oracle can
break all authenticated connectivity (been there too). They even go so
far as to recommend defining FQDN in /etc/hosts for all Oracle hosts to
bypass any DNS/system-level problems with resolution.
Very over-simplified example, but a valid one I've had to deal with.
/eli
This is normal if you have fully qualified names returned by your
hostname lookup, which is not something I recommend.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
