|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: request for help w/ ATT and terminology
On Thu, 17 Jan 2008 21:29:37 GMT, "Steven M. Bellovin" said: > You don't always want to rely on the DNS for things like firewalls and > ACLs. DNS responses can be spoofed, the servers may not be available, > etc. (For some reason, I'm assuming that DNSsec isn't being used...) Been there, done that, plus enough other "stupid DNS tricks" and "stupid /etc/host tricks" to get me a fair supply of stories best told over a pitcher of Guinness down at the Undergroud.. *Choosing* to hardcode rather than use DNS is one thing. *Having* to hardcode because the gear is "too stupid" (as Joe Greco put it) is however "Caveat emptor" no matter how you slice it... Attachment:
pgp00021.pgp
|