|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
On Mon, 14 May 2001, Roeland Meyer whimpered: > > > From: Adam McKenna [mailto:[email protected]] > > Sent: Sunday, May 13, 2001 10:06 PM > > > > Oracle (try and build a DB without reverse working right. > > Net8 stops you > > > dead in your tracks). > > > > Sorry, but this is just 100% wrong. I've set up Oracle on > > many boxes and you > > don't need any DNS at all to set up an oracle DB. In fact, I > > tell our DBA's > > to use IP addresses in their TNSNAMES.ORA files because I > > don't want the DB > > depending on DNS. > > Let's see, I don't want to make my DBs dependent on DNS, so I use IP addrs. > Yet, I can't depend on IP addrs because my upstream might have to be > changed... damn, I shouldn't have depended on my scumbag DSL upstream, eh? > Gee, maybe I should have had a names based system after all? Either way, I > wind up having to rebuild Oracle boxen and application servers, every time > somebody farts. Just what in blue hell are we supposed to do? > Um, lets see...how about this. You use NAT. That'll be $180.00 please. I'll send you an invoice. > BTW, the last I checked SSL certs are usually names based. Pretty slack > security, eh? Slack, no. You're comparing apples to oranges here and HOPEFULLY, you know it. Basing security on IN-ADDR is absolutely idiotic. It is VERY easy to spoof and there's not a damned thing you can do to stop the spoofing. Basing security on IP addresses on the other hand is while not a complete security solution, MUCH MORE SOUND than IN-ADDR. You can at least build ACLs in your router(s) that don't allow spoofed traffic to enter your network. Now, about the SSL security thing. SSL certification is designed to certify the identity of the server and that identity is based on the FQDN. SSL CERTs are around for the PRECISE reason that it is too easy to spoof IN-ADDR, etc. > > This is right on up there with: > > 1) You idiot DSL monkey, you deserve your Inet death because you didn't > multi-home. > 2) No, you can't advertise less than a /20. > 3) No, you don't deserve larger than a /32. > 4) Yes, we know that makes multi-homing impossible for those that need it > the most. > 5) No, we don't care, you idiot DSL monkeys deserve Inet death. > > Yeah, the message you send out is real clear. > ... and one wonders why the Internet has an implosion problem... And that's right up there with "<plonk!> me please! I'm an idiot DSL monkey! WAAAAAAAAAA! My DSL provider went tits-up and I hadn't built any contengency plan. I'm going to go bankrupt! WAAAAAAAAA!" You got caught with your pants down. It's that simple. You're not alone. A whole slew of folks went through (or are going through) the same thing. The difference is that the VAST MAJORITY of them are NOT bitching and moaning about it on NANOG about it. This is the NORTH AMERICAN NETWORK OPERATORS GROUP, *NOT* the "NORTH AMERICAN DISENFRANCHISED DSL CUSTOMERS GROUP." If your business depends (depended) on stable and reliable internet connectivity with your own (or at least non-changing) address space, might I suggest that you should have gone to ARIN for a microblock of address space and established a contengency plan with some other provider(s) in the event that the sky fell? > > -- > Internet implosion at 10:00 ... special web report, at 11:00. > --- John Fraizer EnterZone, Inc
|