Educause Security Discussion mailing list archives
Re: Domain Name Database and Bulldog Firewall
From: Graham Toal <gtoal () UTPA EDU>
Date: Thu, 4 May 2006 14:01:00 -0500
I realize this is publically available information anyone can harvest. My concern is now the information is even more public and accessible. Some useful information (to a hacker) can be inferred from a DNS name.
in that case the problem comes from putting the information into the DNS in the first place. It's definitely not "more public" than it was. No self-respecting hacker since the invention of DNS would not know how to enumerate an IP range (after first trying to fetch the zone file, including from the offsite secondary servers who always forget to deny zone transfers ;-) ) There is a point worth discussing here though, which is the relative value of having separate 'inside' and 'outside' DNS spaces. For example instead of exporting about 1000 DNS names for all our desktops etc etc, we might only export names for our public services such as www.utpa.edu and mail.utpa.edu... Personally I think I approve of split DNS, but not for security reasons, more just to keep things tidy. Talking of giving out too much useful information, does anyone still use TXT records? How about LOC records? It's amusing to see people who keep their home address off the net but publish a loc record so accurate that with a satellite photo you can even work out which room of their house their computer is in :-) G
Current thread:
- Domain Name Database and Bulldog Firewall Mark Wilson (May 04)
- <Possible follow-ups>
- Re: Domain Name Database and Bulldog Firewall Alan Amesbury (May 04)
- Re: Domain Name Database and Bulldog Firewall Graham Toal (May 04)
- Re: Domain Name Database and Bulldog Firewall Mark Wilson (May 04)
- Re: Domain Name Database and Bulldog Firewall Graham Toal (May 04)
- Re: Domain Name Database and Bulldog Firewall Ted Frohling - NTS (May 04)
- Re: Domain Name Database and Bulldog Firewall Jeni Li (May 04)
- Re: Domain Name Database and Bulldog Firewall Cal Frye (May 04)
- Re: Domain Name Database and Bulldog Firewall Gary Flynn (May 05)