The Samba-Bugzilla – Bug 5411
rsyncd.conf allow does not like CNAME
Last modified: 2011-01-03 21:21:50 UTC
When using rsyncd.conf - if the host allow uses a host name and when the FCrDNS of the host name is verified, if the reverse pointer references a CNAME - it doesn't work. The following fails.
hosts allow = *.ctyme.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31491
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5
;; QUESTION SECTION:
;188.8.131.52.in-addr.arpa. IN PTR
;; ANSWER SECTION:
184.108.40.206.in-addr.arpa. 22931 IN CNAME 30.subnet0.42.49.65.in-addr.arpa.
30.subnet0.42.49.65.in-addr.arpa. 8590 IN PTR dns0.ctyme.com.
The 3.1.0dev version will now support a CNAME for a host as long as you list the hostname(s) explicitly (i.e. don't try to wild-card match a CNAME). Wildcard matching can only work against the reverse-DNS name of the connecting IP, since there is no good way to ask for all the IPs that match a wildcard hostname.
hosts allow = bar.foo.com
That will allow host baz.foo.com to connect if bar.foo.com is a CNAME for baz.foo.com