North American Network Operators Group

Re: request for help w/ ATT and terminology

  • From: Valdis . Kletnieks
  • Date: Thu Jan 17 17:44:01 2008

On Thu, 17 Jan 2008 21:29:37 GMT, "Steven M. Bellovin" said:

> You don't always want to rely on the DNS for things like firewalls and
> ACLs.  DNS responses can be spoofed, the servers may not be available,
> etc.  (For some reason, I'm assuming that DNSsec isn't being used...)

Been there, done that, plus enough other "stupid DNS tricks" and "stupid
/etc/host tricks" to get me a fair supply of stories best told over a
pitcher of Guinness down at the Underground..

*Choosing* to hardcode rather than use DNS is one thing.  *Having* to hardcode
because the gear is "too stupid" (as Joe Greco put it) is however "Caveat
emptor" no matter how you slice it...
