Re: request for help w/ ATT and terminology

From: Roland Dobbins (no email)
Date: Fri Jan 18 2008 - 22:18:29 EST

  • Next message: Matthew Moyle-Croft: "Re: An Attempt at Economically Rational Pricing: Time Warner Trial"

    On Jan 18, 2008, at 7:50 AM, Brandon Galbraith wrote:

    > Agreed. I'd see a huge security hole in letting someone put
    > host.somewhere.net in a firewall rule in a PIX/ASA/etc. as opposed
    > to an IP, especially since it's rare to see DNSSEC in production.

    It's not only a security issue, but a performance issue (both resolver
    and server) and one of practicality, as well (multiple A records for a
    single FQDN, CNAMEs, A records without matching PTRs, et al.). The
    performance problem would likely be even more apparent under DNSSEC,
    and the practicality issue would remain unchanged.

    As smb indicated, many folks put DNS names for hosts in the config
    files and then perform a lookup and do the conversion to IP addresses
    prior to deployment (hopefully with some kind of auditing prior to
    deployment, heh).

    -----------------------------------------------------------------------
    Roland Dobbins <> // 408.527.6376 voice

            Culture eats strategy for breakfast.

                -- Ford Motor Company
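
The resolve-before-deployment workflow described in the message above, sketched as an added example (not part of the original post and not any vendor's tooling): hostnames in a rule template are converted to literal IP addresses, and the cases the message lists (CNAMEs, multiple A records, A records without matching PTRs) are reported for review before anything is deployed. The `{{host:NAME}}` placeholder, the rule syntax and the `ZONE` data are assumptions constructed for illustration; a real run would query a resolver instead of the embedded table.

```python
import ipaddress
import re

# Constructed stand-in for live DNS answers (documentation address ranges).
ZONE = {
    "a": {"web.example.net": ["192.0.2.11", "192.0.2.10"],
          "db.example.net": ["198.51.100.5"],
          "app.example.net": ["203.0.113.7"]},
    "cname": {"www.example.net": "web.example.net"},
    "ptr": {"192.0.2.10": "web.example.net", "192.0.2.11": "web.example.net",
            "198.51.100.5": "db.example.net"},
}
# Constructed rule template; {{host:NAME}} is a hypothetical placeholder syntax.
TEMPLATE = """permit tcp any host {{host:www.example.net}} eq 443
permit tcp any host {{host:db.example.net}} eq 5432
permit tcp any host {{host:app.example.net}} eq 8443
permit tcp any host {{host:gone.example.net}} eq 22
deny ip any any"""
HOST_RE = re.compile(r"\{\{host:([A-Za-z0-9.-]+)\}\}")

def resolve(name, zone):
    """Follow CNAMEs (bounded depth); return (canonical name, sorted A records)."""
    for _ in range(8):
        if name not in zone["cname"]:
            break
        name = zone["cname"][name]
    return name, sorted(zone["a"].get(name, []), key=ipaddress.ip_address)

def expand(template, zone):
    """Return (rules with literal IPs, audit findings to review before deploy)."""
    rules, findings = [], []
    for line in template.splitlines():
        m = HOST_RE.search(line)
        if not m:
            rules.append(line)  # no hostname in this rule, pass it through
            continue
        host = m.group(1)
        canon, addrs = resolve(host, zone)
        if canon != host:
            findings.append(f"{host}: CNAME to {canon}")
        if not addrs:
            findings.append(f"{host}: no A record")  # no rule is emitted
        elif len(addrs) > 1:
            findings.append(f"{host}: {len(addrs)} A records")
        for ip in addrs:
            if zone["ptr"].get(ip) != canon:
                findings.append(f"{host}: {ip} lacks matching PTR")
            rules.append(HOST_RE.sub(ip, line))  # one literal-IP rule per address
    return rules, findings
```

Any non-empty findings list is meant to hold the deployment for review, since a rule that silently disappears or multiplies changes what the firewall enforces.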

