--- "Vivien M." <vivienm@dyndns.org> wrote:
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Pyda Srisuresh Sent: May 15, 2001 12:03 PM To: Valdis.Kletnieks@vt.edu; Adam McKenna Cc: nanog@nanog.org Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
Forcing hostnames and PTR's to match will also prevent people from NAT land accessing your servers. There are hardly any NAT implementations that do dynamic DNS updates.
Your NAT implementation must not be the same as the ones I've worked with, because with the [simple] ones I've seen, you have something like 192.168.0.0/24 all coming out and talking to the world as 1.2.3.4 (the more elaborate implementations give each private IP a unique outside IP, in which case you just set up your DNS for each IP. A little more work, perhaps, but...). Now, if 1.2.3.4 has proper matching forward/reverse DNS lookups, I don't see how people behind someone else's NAT pose a problem.
Sure, not in the case of NAPT (assuming you have a PTR record set for 1.2.3.4). My point is merely that there may be many cases it is not so straight forward to do the DNS updates for PTR records.
Vivien -- Vivien M. vivienm@dyndns.org Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
cheers, suresh __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/