nanog mailing list archives

Re: request for help w/ ATT and terminology

From: Roland Dobbins <rdobbins () cisco com>
Date: Sat, 19 Jan 2008 11:18:29 +0800



On Jan 18, 2008, at 7:50 AM, Brandon Galbraith wrote:

Agreed. I'd see a huge security hole in letting someone puthost.somewhere.net in a firewall rule in a PIX/ASA/etc. as opposedto an IP, especially since it's rare to see DNSSEC in production.

It's not only a security issue, but a performance issue (both resolverand server) and one of practicality, as well (multiple A records for asingle FQDN, CNAMEs, A records without matching PTRs, et. al.). Theperformance problem would likely be even more apparent under DNSSEC,and the practicality issue would remain unchanged.

As smb indicated, many folks put DNS names for hosts in the configfiles and then perform a lookup and do the conversion to IP addressesprior to deployment (hopefully with some kind of auditing prior todeployment, heh).



-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

        Culture eats strategy for breakfast.

           -- Ford Motor Company

Current thread:

Re: request for help w/ ATT and terminology, (continued)
- - Re: request for help w/ ATT and terminology Leigh Porter (Jan 17)
  - Re: request for help w/ ATT and terminology Joe Greco (Jan 17)
    - Re: request for help w/ ATT and terminology Valdis . Kletnieks (Jan 17)
    - Re: request for help w/ ATT and terminology Steven M. Bellovin (Jan 17)
    - Re: request for help w/ ATT and terminology Crist Clark (Jan 17)
    - Re: request for help w/ ATT and terminology Valdis . Kletnieks (Jan 17)
    - Re: request for help w/ ATT and terminology Steven M. Bellovin (Jan 17)
    - Re: request for help w/ ATT and terminology Joe Greco (Jan 18)
    - Re: request for help w/ ATT and terminology Joe Greco (Jan 17)
    - Re: request for help w/ ATT and terminology Brandon Galbraith (Jan 17)
    - Re: request for help w/ ATT and terminology Roland Dobbins (Jan 18)
    - Re: request for help w/ ATT and terminology William Herrin (Jan 18)
    - Re: request for help w/ ATT and terminology Roland Dobbins (Jan 18)
- Re: request for help w/ ATT and terminology John Payne (Jan 17)
- Re: request for help w/ ATT and terminology Rubens Kuhl Jr. (Jan 19)
- RE: request for help w/ ATT and terminology Darryl Dunkin (Jan 16)
  - Re: request for help w/ ATT and terminology Patrick W. Gilmore (Jan 16)
  - Re: request for help w/ ATT and terminology Seth Mattinen (Jan 16)
  - RE: request for help w/ ATT and terminology Jason Biel (Jan 16)