This is a failure in the (TCP wrappers?) that should be reconfigured.
That's a policy decision, not a technical one. The policy I have decided to follow is that I don't support people with non-authenticable IP addresses. I feel it is in the best interest of the Internet and of the organizations using the Internet (like Netscape) that I prevent people from claiming to be from Netscape with possibly forged IP addresses. You should feel free to make your policy decisions as you feel best, while I certainly exercise that freedom on my end.
Since the service you are providing is available without any authentication, there is no reason to match hostnames to IPs with a double reverse lookup.
That's not right. My service requires authentication in the sense of not allowing obviously forged IP addresses. The audit trails generated by the process allow me to my services, send mail (when people use the ident daemon) about improvements. For example, there was an inaccessible file due to an error on my part - my automated error detection system popped the error up on the screen within a few seconds, I investigated, fixed the protection setting, and sent email to the person letting them know that the file was now accessible and that it was my fault. This is also used as part of the identification process used to assure that information is not sent to locations where I am aware it is illegal to send it. For example, Singapore has restrictions that make it illegal to send them certain things, and I check for their addresses as part of my access controls - made feasible via the IP address verification process.
Since your server is secure, what does it really matter where the connections are coming from? If netscape chooses to hide host information, they should be allowed to.
Because secure means more than "you can't harm me by using it". It implies integrity, availability, confidentiality, and redundancy to provide assurance that those things are the case. It implies not only keeping my site from being attacked, but trying to obey the laws of countries from all over the world, keeping my site from being used to attack other sites, limiting legal liabilities, and on and on. If someone chooses to use a non-verifiable network address, I choose to not provide services.
Cypherpunk relevance? It's wrong to demand authentication when you don't care. Airports, bars, 'anonymous' FTP servers and the like should all take the level of authentication they need.
It's wrong to make assumptions about what I care about when you haven't asked me. I care about you and everyone else using the Internet. I care enough to help prevent forgeries by not supporting them, and to help people debug their (perhaps faulty) firewalls by identifying the source of problems and helping them resolve them. I think that authentication at some level is appropriate for anyone who uses computers, even anonymously.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
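
The double reverse lookup debated in this thread, sketched as an added example (not part of the original message and not TCP wrappers' own code): the address is resolved to a name, the name back to addresses, and the client is treated as verified only if the original address is among them. The function names, verdict strings and sample records are assumptions made for illustration; the records use documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup: the name(s) the PTR record claims for this address."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Forward lookup: every address the claimed name resolves to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_client(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, hostname); verdict is verified, mismatch or no-ptr."""
    addr = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)           # nothing to log except the raw address
    for name in names:
        for candidate in forward(name):
            try:
                # Compare parsed addresses so IPv6 spellings cannot differ.
                if ipaddress.ip_address(candidate) == addr:
                    return ("verified", name.rstrip(".").lower())
            except ValueError:
                continue                  # resolver returned a non-address string
    # The PTR owner asserts a name that the name's own zone does not confirm.
    return ("mismatch", names[0].rstrip(".").lower())

# Constructed sample records so the check can be exercised offline.
SAMPLE_PTR = {
    "192.0.2.10": ["proxy.example.com"],
    "198.51.100.7": ["www.example.org"],  # forward record points elsewhere
    "2001:db8::1": ["v6.example.com."],
}
SAMPLE_A = {
    "proxy.example.com": ["192.0.2.10"],
    "www.example.org": ["203.0.113.5"],
    "v6.example.com.": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}

def demo(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_client(ip, lambda a: SAMPLE_PTR.get(a, []),
                        lambda n: SAMPLE_A.get(n, []))
```

Whether a `mismatch` or `no-ptr` verdict leads to refusing service or only to an audit-log entry is the policy choice the thread argues about; the check itself only reports which case applies.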