request for help w/ ATT and terminology
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Jan 17 22:35:30 UTC 2008
On Thu, 17 Jan 2008 21:29:37 GMT, "Steven M. Bellovin" said:
> You don't always want to rely on the DNS for things like firewalls and
> ACLs. DNS responses can be spoofed, the servers may not be available,
> etc. (For some reason, I'm assuming that DNSsec isn't being used...)
Been there, done that, plus enough other "stupid DNS tricks" and "stupid
/etc/host tricks" to get me a fair supply of stories best told over a
pitcher of Guinness down at the Undergroud..
*Choosing* to hardcode rather than use DNS is one thing. *Having* to hardcode
because the gear is "too stupid" (as Joe Greco put it) is however "Caveat
emptor" no matter how you slice it...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080117/fd5cee9a/attachment.sig>
More information about the NANOG
mailing list