North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS

  • From: Vivien M.
  • Date: Tue May 15 12:58:29 2001

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> Pyda Srisuresh
> Sent: May 15, 2001 12:03 PM
> To: [email protected]; Adam McKenna
> Cc: [email protected]
> Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
>
>
> Forcing hostnames and PTR's to match will also prevent people from NAT
> land accessing your servers. There are hardly any NAT implementations
> that do dynamic DNS updates.

Your NAT implementation must not be the same as the ones I've worked with,
because with the [simple] ones I've seen, you have something like
192.168.0.0/24 all coming out and talking to the world as 1.2.3.4 (the more
elaborate implementations give each private IP a unique outside IP, in which
case you just set up your DNS for each IP. A little more work, perhaps,
but...). Now, if 1.2.3.4 has proper matching forward/reverse DNS lookups, I
don't see how people behind someone else's NAT pose a problem.

Vivien
--
Vivien M.
[email protected]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/