--- glibc-2.2.5/nscd/nscd.conf.nscd-no-host-cache 2000-04-30 06:29:19.000000000 +0200 +++ glibc-2.2.5/nscd/nscd.conf 2002-07-19 13:34:11.000000000 +0200 @@ -38,7 +38,11 @@ suggested-size group 211 check-files group yes - enable-cache hosts yes +# !!!!!WARNING!!!!! Host cache is insecure!!! The mechanism in nscd to +# cache hosts will cause your local system to not be able to trust +# forward/reverse lookup checks. DO NOT USE THIS if your system relies on +# this sort of security mechanism. Use a caching DNS server instead. + enable-cache hosts no positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211