North American Network Operators Group

Re: request for help w/ ATT and terminology

  • From: Steven M. Bellovin
  • Date: Thu Jan 17 16:36:02 2008

On Thu, 17 Jan 2008 15:45:24 -0500
[email protected] wrote:

> On Thu, 17 Jan 2008 09:15:30 CST, Joe Greco said:
> > make this a killer.  That could include things such as firewall
> > rules/ACL's, recursion DNS server addresses, VPN adapters, VoIP
> > equipment with stacks too stupid to do DNS, etc.
> 
> I'll admit that fixing up /etc/resolv.conf and whatever the Windows
> equivalent is can be a pain - but for the rest of it, if you bought
> gear that's too stupid to do DNS, I have to agree with Leigh's
> comment: "Caveat emptor".
> 
You don't always want to rely on the DNS for things like firewalls and
ACLs.  DNS responses can be spoofed, the servers may not be available,
etc.  (For some reason, I'm assuming that DNSsec isn't being used...)


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
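
An added example, not part of the original message: a small audit script that flags firewall rules whose source or destination is a hostname rather than an address literal, that is, rules whose meaning depends on a DNS answer. It assumes a hand-written rule file in iptables `-A` syntax; the sample ruleset and the `example.net` hostnames are constructed.

```python
import ipaddress
import shlex

# Address-matching options in iptables rule syntax.
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

# Constructed sample ruleset (documentation address ranges, made-up hostnames).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s ntp.example.net -p udp --sport 123 -j ACCEPT
-A INPUT -s 198.51.100.7,mgmt.example.net -p tcp --dport 443 -j ACCEPT
-A OUTPUT -d 2001:db8::53 -p udp --dport 53 -m comment --comment "resolver -d literal" -j ACCEPT
COMMIT
"""

def is_literal(value):
    """True if value is an IPv4/IPv6 address or network (CIDR or addr/netmask)."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def dns_dependent_rules(ruleset):
    """Return (line_number, flag, name) for each address argument that is a hostname."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), start=1):
        line = line.strip()
        if not line.startswith("-A "):  # skip table headers, chain policies, COMMIT
            continue
        tokens = shlex.split(line)      # keeps a quoted --comment as one token
        for i, tok in enumerate(tokens[:-1]):
            if tok in ADDR_FLAGS:
                # An address argument may be a comma-separated list.
                for value in tokens[i + 1].split(","):
                    if not is_literal(value):
                        findings.append((lineno, tok, value))
    return findings

if __name__ == "__main__":
    for lineno, flag, name in dns_dependent_rules(SAMPLE):
        print(f"line {lineno}: {flag} {name} depends on DNS resolution")
```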