[37442] in North American Network Operators' Group
RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Mon May 14 05:49:42 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922860E45F0@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: nanog@nanog.org
Date: Mon, 14 May 2001 02:50:45 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Adam McKenna [mailto:adam@flounder.net]
> Sent: Monday, May 14, 2001 1:23 AM
>
> On Mon, May 14, 2001 at 12:42:54AM -0700, Roeland Meyer wrote:
> > > > Oracle (try and build a DB without reverse working right.
> > > Net8 stops you
> > > > dead in your tracks).
> > >
> > > Sorry, but this is just 100% wrong. I've set up Oracle on
> > > many boxes and you
> > > don't need any DNS at all to set up an oracle DB. In fact, I
> > > tell our DBA's
> > > to use IP addresses in their TNSNAMES.ORA files because I
> > > don't want the DB
> > > depending on DNS.
> >
> > Let's see, I don't want to make my DBs dependent on DNS, so
> I use IP addrs.
> > Yet, I can't depend on IP addrs because my upstream might have to be
> > changed... damn, I shouldn't have depended on my scumbag
> DSL upstream, eh?
>
> I believe we've been through this discussion before.
Yeah, you and I keep dancing around the same bush. My point is that, nothing
is real good by you. One day, names are no good and later, addrs are no
good. That's a flip-flop worthy of Bill Clinton. Looking at each specific
case, you come up with answers, which may be absolutely the best answer for
that case, which may also absolutely contradict another specific case. But,
since the two of them are invariably conjoined, you have two contradictory
and mutually exclusive answers... for the same thing. Therein, lays my
frustration.
> > Gee, maybe I should have had a names based system after
> all? Either way, I
> > wind up having to rebuild Oracle boxen and application
> servers, every time
> > somebody farts. Just what in blue hell are we supposed to do?
>
> Maybe you should get a clue, or hire someone who has one.
Tried both, it appears non-soluble, at the moment.
> > BTW, the last I checked SSL certs are usually names based.
> Pretty slack
> > security, eh?
>
> Yes. See
> http://cr.yp.to/djbdns/bugtraq/19991114052453-12962-qmail@cr-yp-to
> and http://cr.yp.to/djbdns/forgery.html
Read the caveats.
