Educause Security Discussion mailing list archives

Re: Domain Name Database and Bulldog Firewall


From: Graham Toal <gtoal () UTPA EDU>
Date: Thu, 4 May 2006 14:01:00 -0500

> I realize this is publicly available information anyone can harvest.
> My concern is now the information is even more public and accessible.
> Some useful information (to a hacker) can be inferred from a DNS name.

In that case the problem comes from putting the information
into the DNS in the first place.

It's definitely not "more public" than it was.  No self-respecting
hacker since the invention of DNS would not know how to enumerate
an IP range (after first trying to fetch the zone file, including
from the offsite secondary servers who always forget to deny zone
transfers ;-) )

There is a point worth discussing here though, which is the
relative value of having separate 'inside' and 'outside' DNS
spaces.  For example instead of exporting about 1000 DNS names
for all our desktops etc etc, we might only export names
for our public services such as www.utpa.edu and mail.utpa.edu...

Personally I think I approve of split DNS, but not for security
reasons, more just to keep things tidy.

Talking of giving out too much useful information, does anyone
still use TXT records?  How about LOC records?  It's amusing to
see people who keep their home address off the net but publish a
loc record so accurate that with a satellite photo you can even
work out which room of their house their computer is in :-)

G
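The two points raised in this message (split 'inside'/'outside' DNS spaces, and secondaries that forget to deny zone transfers) can be put together in a BIND named.conf. This is an added example, not configuration from the list poster or from UTPA; the ACL addresses, the secondary's address and the zone file paths are assumed placeholders.

```conf
// Added example: split DNS with BIND views, plus restricted zone transfers.
// Addresses below are assumed placeholders (RFC 1918 / documentation ranges).

acl "internal"    { 10.0.0.0/8; localhost; };   // campus networks
acl "secondaries" { 192.0.2.53; };              // offsite secondary only

// Inside view: the ~1000 desktop names live here and never leave campus.
view "internal" {
    match-clients  { internal; };
    recursion      yes;
    allow-transfer { none; };                   // nobody pulls the inside zone
    zone "utpa.edu" {
        type master;
        file "zones/internal/utpa.edu.zone";   // desktops, printers, etc.
    };
};

// Outside view: only the public services (www, mail, ...) are exported.
view "external" {
    match-clients  { any; };
    recursion      no;
    allow-transfer { secondaries; };            // weak setting would be { any; }
    zone "utpa.edu" {
        type master;
        file "zones/external/utpa.edu.zone";   // www.utpa.edu, mail.utpa.edu only
    };
};

// On the offsite secondary: the step that is usually forgotten.
// A secondary serving the external zone should still deny transfers to others.
//
// zone "utpa.edu" {
//     type slave;
//     masters        { 198.51.100.53; };       // assumed address of the master
//     file           "secondary/utpa.edu.zone";
//     allow-transfer { none; };                // not { any; }
// };
```

Run `named-checkconf` after editing, and verify from an outside host that `dig @secondary utpa.edu AXFR` is refused while ordinary lookups for www.utpa.edu still succeed.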
