[101767] in North American Network Operators' Group


Re: request for help w/ ATT and terminology

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jan 17 17:42:12 2008

To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: Joe Greco <jgreco@ns.sol.net>, michael.dillon@bt.com, nanog@merit.edu
In-Reply-To: Your message of "Thu, 17 Jan 2008 21:29:37 GMT."
             <20080117212937.48cbf1d2@cs.columbia.edu>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 17 Jan 2008 17:35:30 -0500
Errors-To: owner-nanog@merit.edu



On Thu, 17 Jan 2008 21:29:37 GMT, "Steven M. Bellovin" said:

> You don't always want to rely on the DNS for things like firewalls and
> ACLs.  DNS responses can be spoofed, the servers may not be available,
> etc.  (For some reason, I'm assuming that DNSsec isn't being used...)

Been there, done that, plus enough other "stupid DNS tricks" and "stupid
/etc/host tricks" to get me a fair supply of stories best told over a
pitcher of Guinness down at the Underground..

*Choosing* to hardcode rather than use DNS is one thing.  *Having* to hardcode
because the gear is "too stupid" (as Joe Greco put it) is however "Caveat
emptor" no matter how you slice it...

