nanog mailing list archives
Re: request for help w/ ATT and terminology
From: Roland Dobbins <rdobbins () cisco com>
Date: Sat, 19 Jan 2008 11:18:29 +0800
On Jan 18, 2008, at 7:50 AM, Brandon Galbraith wrote:
> Agreed. I'd see a huge security hole in letting someone put host.somewhere.net in a firewall rule in a PIX/ASA/etc. as opposed to an IP, especially since it's rare to see DNSSEC in production.
It's not only a security issue, but a performance issue (both resolver and server) and one of practicality, as well (multiple A records for a single FQDN, CNAMEs, A records without matching PTRs, et al.). The performance problem would likely be even more apparent under DNSSEC, and the practicality issue would remain unchanged.
As smb indicated, many folks put DNS names for hosts in the config files and then perform a lookup and do the conversion to IP addresses prior to deployment (hopefully with some kind of auditing prior to deployment, heh).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
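The resolve-before-deployment workflow described in the message above, as an added example that is not part of the original post or of any vendor tooling. The `{fqdn}` placeholder syntax, the function name `compile_rules`, the pinned "last approved" map and all DNS data are assumptions constructed for illustration.

```python
import re

# Constructed stand-in for DNS answers so the example runs offline.
# A production lookup could wrap socket.gethostbyname_ex() (an assumption, not shown).
SAMPLE_A = {  # name -> (canonical name, A records)
    "mail.example.net": ("mail.example.net", ["192.0.2.10"]),
    "www.example.net": ("cdn.example.org", ["198.51.100.5", "198.51.100.6"]),
    "db.example.net": ("db.example.net", ["192.0.2.20"]),
}
SAMPLE_PTR = {"192.0.2.10": "mail.example.net", "198.51.100.5": "edge5.example.org"}
TEMPLATE = [  # constructed rule template; {fqdn} marks a name to resolve
    "access-list OUTSIDE_IN permit tcp any host {mail.example.net} eq 25",
    "access-list OUTSIDE_IN permit tcp any host {www.example.net} eq 443",
    "access-list OUTSIDE_IN permit tcp any host {db.example.net} eq 5432",
    "access-list OUTSIDE_IN permit tcp any host {old.example.net} eq 22",
    "access-list OUTSIDE_IN deny ip any any",
]
HOST = re.compile(r"\{([A-Za-z0-9.-]+)\}")

def compile_rules(template, lookup=lambda n: SAMPLE_A.get(n, (n, [])),
                  ptr=SAMPLE_PTR.get, pinned=None):
    """Expand {fqdn} to IP literals; return (rules, audit findings)."""
    pinned = pinned or {}
    rules, findings = [], []
    for line in template:
        m = HOST.search(line)
        if not m:                      # no name to resolve: pass through
            rules.append(line)
            continue
        name = m.group(1)
        cname, addrs = lookup(name)
        if not addrs:                  # fail closed: never emit an empty rule
            findings.append((name, "no A record; rule not emitted"))
            continue
        if cname != name:
            findings.append((name, f"CNAME to {cname}"))
        if len(addrs) > 1:
            findings.append((name, f"{len(addrs)} A records; one rule per address"))
        if name in pinned and sorted(addrs) != sorted(pinned[name]):
            findings.append((name, f"A records differ from approved {pinned[name]}"))
        for ip in sorted(addrs):
            if ptr(ip) != name:
                findings.append((name, f"{ip} has no matching PTR"))
            rules.append(line.replace(m.group(0), ip))
    return rules, findings
```

The findings list is what a reviewer would sign off on before the IP-only rules reach the device; the device itself never performs a lookup.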