17 Jan
2008
17 Jan
'08
10:35 p.m.
On Thu, 17 Jan 2008 21:29:37 GMT, "Steven M. Bellovin" said:
You don't always want to rely on the DNS for things like firewalls and ACLs. DNS responses can be spoofed, the servers may not be available, etc. (For some reason, I'm assuming that DNSsec isn't being used...)
Been there, done that, plus enough other "stupid DNS tricks" and "stupid /etc/host tricks" to get me a fair supply of stories best told over a pitcher of Guinness down at the Undergroud.. *Choosing* to hardcode rather than use DNS is one thing. *Having* to hardcode because the gear is "too stupid" (as Joe Greco put it) is however "Caveat emptor" no matter how you slice it...