request for help w/ ATT and terminology

Joe Greco jgreco at ns.sol.net
Thu Jan 17 21:36:30 UTC 2008


> On Thu, 17 Jan 2008 09:15:30 CST, Joe Greco said:
> > make this a killer.  That could include things such as firewall rules/ACL's,
> > recursion DNS server addresses, VPN adapters, VoIP equipment with stacks too
> > stupid to do DNS, etc.
> 
> I'll admit that fixing up /etc/resolv.conf and whatever the Windows equivalent
> is can be a pain - but for the rest of it, if you bought gear that's too
> stupid to do DNS, I have to agree with Leigh's comment: "Caveat emptor".

Wow, as far as I can tell, you've pretty much condemned most firewall
software and devices then, because I'm really not aware of any serious
ones that will successfully implement rules such as "allow from
123.45.67.0/24" via DNS.  Besides, if you've gone to the trouble of
acquiring your own address space, it is a reasonable assumption that 
you'll be able to rely on being able to tack down services in that
space.  Being expected to walk through every bit of equipment and
reconfigure potentially multiple subsystems within it is unreasonable.

Taking, as one simple example, an older managed ethernet switch, I see
the IP configuration itself, the SNMP configuration (both filters and
traps), the ACL's for management, the time server IP, etc.  I guess if
you feel that Bay Networks equipment was a bad buy, you're welcome to
that opinion.  I can probably dig up some similar Cisco gear.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


