warning: /etc/hosts.allow, line : host name/address mismatch
[tcpd]
The following log entry was being written on a certain server:
warning: /etc/hosts.allow, line 11: host name/address mismatch: 123.31.2.155 != xxx.xxxx.jp
xxx.xxxx.jp is a domain that is allowed in hosts.allow.
Looking up the IP address, the access appears to come from Vietnam.
Let's check the manual to see what this feature is.
$ man tcpd
Relevant excerpt:
tcpd verifies the client host name that is returned by the address->name DNS server by looking at the host name and address that are returned by the name->address DNS server. If any discrepancy is detected, tcpd concludes that it is dealing with a host that pretends to have someone elses host name. If the sources are compiled with -DPARANOID, tcpd will drop the connection in case of a host name/address mismatch. Otherwise, the hostname can be matched with the PARANOID wildcard, after which suitable action can be taken.

SEE ALSO
hosts_access(5), format of the tcpd access control tables.
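It appears to be a feature called PARANOID.
It seems to resolve the IP address to a name and reject connections where the result does not match.
The page says to see the hosts_access manual as well, so let's check that too.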
$ man 5 hosts_access
Relevant excerpt:
PARANOID
    Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests.
It seems PARANOID is enabled by default.
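The double lookup described in the tcpd excerpt, together with a parser for the warning line quoted above, as an added example (not code from the original post or from tcp_wrappers). The function names `parse_mismatch` and `double_lookup` and the sample DNS records are assumptions made for illustration; the resolvers are injectable so the check can be exercised offline.

```python
import re
import socket

# Format of the tcpd warning quoted on this page.
MISMATCH_RE = re.compile(
    r"warning: (?P<file>\S+), line (?P<line>\d+): "
    r"host name/address mismatch: (?P<addr>\S+) != (?P<name>\S+)"
)

def parse_mismatch(log_line):
    """Return (rules file, rule line, client address, claimed name) or None."""
    m = MISMATCH_RE.search(log_line)
    if not m:
        return None
    return m["file"], int(m["line"]), m["addr"], m["name"]

def system_reverse(addr):
    """address->name lookup (PTR) through the system resolver."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def system_forward(name):
    """name->address lookup through the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def double_lookup(addr, reverse=system_reverse, forward=system_forward):
    """Classify a client address by the check the man page describes."""
    name = reverse(addr)
    if name is None:
        return "unknown", None       # no PTR record at all
    # Plain string comparison: fine for dotted-quad IPv4 as used here.
    if addr in forward(name):
        return "verified", name      # the name maps back to the address
    return "mismatch", name          # the case the PARANOID wildcard matches

# Constructed sample DNS data (documentation address ranges), not real records.
SAMPLE_PTR = {"203.0.113.7": "trusted.example.jp",
              "198.51.100.9": "trusted.example.jp"}
SAMPLE_A = {"trusted.example.jp": {"198.51.100.9"}}

if __name__ == "__main__":
    for ip in ("198.51.100.9", "203.0.113.7", "192.0.2.1"):
        print(ip, double_lookup(ip, SAMPLE_PTR.get,
                                lambda n: SAMPLE_A.get(n, set())))
```

Called with the default resolvers, `double_lookup` repeats the check against live DNS for an address taken from such a warning; a "mismatch" result means the owner of the reverse zone published a name that does not point back to that address.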