[37543] in North American Network Operators' Group
RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
daemon@ATHENA.MIT.EDU (Vivien M.)
Tue May 15 12:57:36 2001
From: "Vivien M." <vivienm@dyndns.org>
To: "Pyda Srisuresh" <srisuresh@yahoo.com>,
<Valdis.Kletnieks@vt.edu>, "Adam McKenna" <adam@flounder.net>
Cc: <nanog@nanog.org>
Date: Tue, 15 May 2001 12:52:00 -0400
Message-ID: <NDBBKECCEHKIHGIMJECAGEGNCJAA.vivienm@dyndns.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20010515160234.60660.qmail@web13808.mail.yahoo.com>
Errors-To: owner-nanog-outgoing@merit.edu
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Pyda Srisuresh
> Sent: May 15, 2001 12:03 PM
> To: Valdis.Kletnieks@vt.edu; Adam McKenna
> Cc: nanog@nanog.org
> Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
>
>
> Forcing hostnames and PTR's to match will also prevent people from NAT
> land accessing your servers. There are hardly any NAT implementations
> that do dynamic DNS updates.
Your NAT implementation must not be the same as the ones I've worked with,
because with the [simple] ones I've seen, you have something like
192.168.0.0/24 all coming out and talking to the world as 1.2.3.4 (the more
elaborate implementations give each private IP a unique outside IP, in which
case you just set up your DNS for each IP. A little more work, perhaps,
but...). Now, if 1.2.3.4 has proper matching forward/reverse DNS lookups, I
don't see how people behind someone else's NAT pose a problem.
Vivien
--
Vivien M.
vivienm@dyndns.org
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
