Firewall Wizards mailing list archives
Re: DNS Names for external services
From: Dave Piscitello <dave () corecom com>
Date: Mon, 19 Apr 2010 11:43:22 -0400
Paul Melson wrote:
On Tue, Apr 13, 2010 at 12:16 PM, Behm, Jeff <jbehm () burnsmcd com> wrote:Just curious, what is your opinions of the security vs. ease of use trade-offs on putting DNS entries in (vs. making people know/use an IP address) for services you expose to the Internet.You mean the security trade-off whereby we protect ourselves from hackers that are too lazy to scan with nmap -sV but not too lazy to use scandns? It's a ridiculous corner case that's not worth accounting for.
+1
On the other hand, using DNS names instead of IP addresses for Internet-facing services makes them more easily portable. For some services it can make load balancing and failover very simple and cheap. If any of your use cases is helped by naming Internet services, then do so. It's that simple.
+1Also, consider the low esteem IP addresses have in email. Many antispam software aggressively downgrade email containing IP addresses. If you intend to notify folks of the availability of services via email, aren't you increasing the probability that someone's antispam measures will block delivery?
[I suppose you could ask your users and customers to scan your IP addresses to find services. If you even pause to consider this option...]
Attachment:
dave.vcf
Description:
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: DNS Names for external services, (continued)
- Re: DNS Names for external services Frank Knobbe (Apr 22)
- Re: DNS Names for external services Morty (Apr 23)
- Re: DNS Names for external services david (Apr 26)
- Re: DNS Names for external services Morty Abzug (Apr 27)
- Re: DNS Names for external services Frank Knobbe (Apr 27)
- Re: DNS Names for external services Paul D. Robertson (Apr 27)
- Re: DNS Names for external services R. DuFresne (Apr 27)
- Re: DNS Names for external services Andre Lima (Apr 26)
- Re: DNS Names for external services Dave Piscitello (Apr 27)
- Re: DNS Names for external services Dave Piscitello (Apr 22)
- Re: DNS Names for external services Paul Melson (Apr 22)
- Re: DNS Names for external services Kent Crispin (Apr 14)
- Re: DNS Names for external services John Morrison (Apr 14)
- Re: DNS Names for external services kent (Apr 15)
- Re: DNS Names for external services Marcus J. Ranum (Apr 14)
- Re: DNS Names for external services Jens Link (Apr 15)