
On Thu, 17 Jan 2008 15:45:24 -0500 Valdis.Kletnieks@vt.edu wrote:
> On Thu, 17 Jan 2008 09:15:30 CST, Joe Greco said:
> > make this a killer. That could include things such as firewall rules/ACL's, recursion DNS server addresses, VPN adapters, VoIP equipment with stacks too stupid to do DNS, etc.
>
> I'll admit that fixing up /etc/resolv.conf and whatever the Windows equivalent is can be a pain - but for the rest of it, if you bought gear that's too stupid to do DNS, I have to agree with Leigh's comment: "Caveat emptor".

You don't always want to rely on the DNS for things like firewalls and ACLs. DNS responses can be spoofed, the servers may not be available, etc. (For some reason, I'm assuming that DNSsec isn't being used...)

--Steve Bellovin, http://www.cs.columbia.edu/~smb