Educause Security Discussion mailing list archives
Re: It's all in a Domain Name
From: John Kristoff <jtk () CYMRU COM>
Date: Thu, 18 Mar 2010 09:12:24 -0500
On Thu, 18 Mar 2010 08:19:48 -0500 "Consolvo, Corbett D" <cc72 () TXSTATE EDU> wrote:
I would recommend the third option (.local). I have been in that environment before (including providing remote access services) and I feel that provides the best security. We did not run in to any major technical issues.
Its been years since I've had anything to do with Novell and I never spent any significant time working with AD, but one thing is for certain, there is a lot of .local TLD noise that shows up at the public DNS root servers. If there is another, cleaner solution available, you may wish to consider it so you don't accidentally leak all kinds of private, local queries to the world and contribute the additional pollution to the public net. I refer folks to page 8 of the following: <http://www.caida.org/publications/papers/2010/understanding_dns_evolution/> John
Current thread:
- It's all in a Domain Name John Kaftan (Mar 18)
- <Possible follow-ups>
- Re: It's all in a Domain Name Consolvo, Corbett D (Mar 18)
- Re: It's all in a Domain Name Matthew Gracie (Mar 18)
- Re: It's all in a Domain Name Valdis Kletnieks (Mar 18)
- Re: It's all in a Domain Name Kenneth Arnold (Mar 18)
- Re: It's all in a Domain Name Consolvo, Corbett D (Mar 18)
- Re: It's all in a Domain Name John Kristoff (Mar 18)
- Re: It's all in a Domain Name Michael Sinatra (Mar 18)