Educause Security Discussion mailing list archives

Re: It's all in a Domain Name


From: John Kristoff <jtk () CYMRU COM>
Date: Thu, 18 Mar 2010 09:12:24 -0500

On Thu, 18 Mar 2010 08:19:48 -0500
"Consolvo, Corbett D" <cc72 () TXSTATE EDU> wrote:

  I would recommend the third option (.local).  I have been in that
environment before (including providing remote access services) and I
feel that provides the best security.  We did not run into any major
technical issues.

It's been years since I've had anything to do with Novell and I never
spent any significant time working with AD, but one thing is for
certain, there is a lot of .local TLD noise that shows up at the public
DNS root servers.  If there is another, cleaner solution available, you
may wish to consider it so you don't accidentally leak all kinds of
private, local queries to the world and contribute the additional
pollution to the public net.  I refer folks to page 8 of the following:

  <http://www.caida.org/publications/papers/2010/understanding_dns_evolution/>

John
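
The leak described in the message above can be measured on a site's own recursive resolver. The following is an added example, not part of the original post: it scans BIND-style query log lines and counts private-TLD queries that fall outside any zone the resolver serves itself. The private TLD list, the local zone name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions for this example: suffixes used only internally, and the zones
# the resolver answers itself (queries under these never leave the site).
PRIVATE_TLDS = {"local", "lan", "corp"}
LOCAL_ZONES = {"campus.local"}

# BIND-style query log: "client <ip>#<port> (<name>): query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+ .*?query: (?P<name>\S+) IN (?P<qtype>\S+)")

# Constructed sample lines, not taken from any real resolver.
SAMPLE_LOG = """\
18-Mar-2010 09:01:02.123 client 10.1.2.3#53211 (dc01.campus.local): query: dc01.campus.local IN A +
18-Mar-2010 09:01:02.456 client 10.1.2.9#40112 (printer.local): query: printer.local IN A +
18-Mar-2010 09:01:03.001 client 10.1.2.9#40113 (WPAD.Local.): query: WPAD.Local. IN A +
18-Mar-2010 09:01:03.200 client 10.1.7.4#1029 (www.example.edu): query: www.example.edu IN AAAA +
18-Mar-2010 09:01:04.900 client 10.1.7.4#1030 (_ldap._tcp.lab.corp): query: _ldap._tcp.lab.corp IN SRV +
malformed line without a query
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()

def served_locally(name, zones=LOCAL_ZONES):
    """True if name equals or is below a zone the resolver answers itself."""
    return any(name == z or name.endswith("." + z) for z in zones)

def leak_candidates(log_text, private_tlds=PRIVATE_TLDS, zones=LOCAL_ZONES):
    """Count (client, tld) pairs for private-TLD queries with no local zone,
    i.e. queries the resolver can end up sending toward the root servers."""
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        name = normalize(m.group("name"))
        tld = name.rsplit(".", 1)[-1]
        if tld in private_tlds and not served_locally(name, zones):
            hits[(m.group("ip"), tld)] += 1
    return hits

if __name__ == "__main__":
    for (ip, tld), n in leak_candidates(SAMPLE_LOG).most_common():
        print(f"{ip}\t.{tld}\t{n}")
```

Clients that appear in the output are asking for private names the resolver has no zone for, which is the traffic that ends up as noise at the public root.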
