tobold.org

correct • elegant • free

△ comp.protocols.tcp-ip.domains △

◅ off site secondaries

Routing UUCP mail using DNS - any opinions? ▻

Pitfalls for Firewall Cache-Only DNS

In article <34hvk4$30j@venus.mcs.com>, Michael Borowiec <mikebo@MCS.COM> wrote:
>I used to feel the same way, but... isn't it possible for a firm's
>competitor to infer things based on the number of hosts in a subnet
>(i.e. the resources a firm is committing to a market/time sensitive
>product), names of hosts that are descriptive of the work being done, etc?

How can the competitor know that the DNS information is accurate?
If this is really a concern, it would be easy enough to invent some
deliberately misleading host names.  (Indeed, I know of something
similar to this actually being done.)

My view is that any benefits of running two versions of a zone are more
than offset by the extra administration involved.  Your time might be
better spent on making sure your firewall is doing what it's supposed
to.

Tim.
--
Tim Goodwin        | "Unless you were Doug Gwyn, you never
Public IP Exchange | had any problems." -- Steve Summit

Original headers:

From: tim@pipex.net (Tim Goodwin)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: Pitfalls for Firewall Cache-Only DNS
Date: 14 Sep 1994 16:19:56 +0100
Organization: PIPEX, 216 Science Park, Cambridge, England
Message-ID: <3574as$7f6@pipe.pipex.net>
References: <tendoCvHuow.1s2@netcom.com> <347f51$mc9@kerby.ocsg.com>
  <34hvk4$30j@venus.mcs.com>
