Hi, Sebastien Sable pointed out problems with saned.conf hostnames on his system some time ago. The problem is, that not fully qualified hostnames (e.g. www instead of www.meier-geinitz.de) don't work in saned.conf with his configuration. It's not a DNS problem, because "ping www" works.
The question is: Is it intended behavour that only fully qualified domain names are allowed in saned.conf? If yes, we should note this in man saned. Otherwise, I think a change in saned.c is necessary. Currently, saned uses getpeername and gethostbyaddr to get name(s) and address(es) of the peer. Saned compares the name and the aliases of the peer against the name in saned.conf. This works in my configuration (Debian i386 Linux 2.2) also with pure hostnames. The reason is, that gethostbyaddr returns "www" as the name and "www.meier-geinitz.de" as alias, so access is accepted. In Sebastian's case, gethostbyaddr only returns "www.meier-geinitz.de". I don't know if this is allowed or even recommended by the standards. The manual pages aren't clear about this. A way to avoid this problem would be to use gethostbyname on the entry in saned.conf and to compare the IP addresses. However, this means that for every entry in saned.conf a DNS lookup is executed. I'm not sure if this is a problem. Any comments? Bye, Henning
