Firewall Wizards: Re: DNS -vs- the firewall: security thoughts

Re: DNS -vs- the firewall: security thoughts

From: Paul D. Robertson <proberts_at_clark.net>
Date: Mon, 9 Mar 1998 15:39:34 -0500 (EST)

On Mon, 9 Mar 1998, Bennett Todd wrote:

> I'm currently contemplating a serious redesign, doing away with DNS from
> the internet altogether. We use _nothing_ but non-transparent proxies on
> the firewall, so I can't see any good reason why end-user workstations
> should need to be able to resolve internet hostnames. I'd really love to
> chop that off altogether; people are getting cleverer about using
> bizarrely-corrupted DNS data to burgle systems.

I've always been fond of creating my own "internal only" TLDs; it makes it
pretty easy to keep the wandering laptops from pointing at useful hosts,
makes it simple to separate an internal from an external resource at a
glance, and keeps the users thoroughly confused ;)

Blocking external resolution would be a logical step, especially if you're
worried about the DNS being used as an information channel.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts_at_clark.net which may have no basis whatsoever in fact."
                                                                     PSB#9280
Received on Mar 10 1998
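The two ideas in the reply above, an internal-only TLD that the firewall's resolver answers itself and a refusal to resolve anything else for proxy-only workstations, can be sketched as a small policy plus the kind of check you would run over a query log if you share the worry about DNS as an information channel. The following is an added illustration, not code from the Firewall Wizards thread or from either poster; the TLD name "corp.", the host table, the thresholds and the query log lines are all constructed for it.

```python
"""Split-resolution policy and DNS information-channel heuristics.

Added illustration, not code from the Firewall Wizards thread. It models the
two ideas in the reply: an internal-only TLD answered locally, and refusing
external resolution for workstations that only reach the internet through
non-transparent proxies. The TLD name "corp.", the host table and the query
log are constructed for this example.
"""
import math
from collections import Counter

INTERNAL_TLD = "corp."          # assumed internal-only TLD (constructed)
INTERNAL_HOSTS = {              # constructed host table for that TLD
    "mail.corp.": "10.1.0.25",
    "proxy.corp.": "10.1.0.80",
}


def normalize(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def resolve_policy(qname):
    """Decide what the internal resolver does with a workstation query.

    Returns (action, answer): ("answer", ip) for a known internal host,
    ("nxdomain", None) for an unknown name under the internal TLD, and
    ("refuse", None) for any name outside it, since proxy-only clients
    have no reason to resolve internet hostnames themselves.
    """
    qname = normalize(qname)
    if qname == INTERNAL_TLD or qname.endswith("." + INTERNAL_TLD):
        if qname in INTERNAL_HOSTS:
            return ("answer", INTERNAL_HOSTS[qname])
        return ("nxdomain", None)
    return ("refuse", None)


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def looks_like_channel(qname, max_label=40, min_entropy=3.5, max_total=100):
    """Heuristic for DNS used as an information channel rather than a
    hostname lookup: a very long name, or a long label whose characters
    are close to uniformly distributed (encoded data, not a hostname).
    The thresholds are illustrative, not tuned values."""
    qname = normalize(qname)
    if len(qname) > max_total:
        return True
    return any(len(lab) >= max_label and label_entropy(lab) >= min_entropy
               for lab in qname.split(".") if lab)


# Constructed query log: "<client-ip> <qname> <qtype>" per line.
CONSTRUCTED_LOG = """\
10.1.2.3 mail.corp A
10.1.2.3 www.example.com A
10.1.2.9 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef.example.net TXT
10.1.2.9 printer.corp A
"""


def audit(log_text):
    """Apply the policy and the channel heuristic to every logged query.
    Returns one (client, qname, action, flagged) tuple per log line."""
    results = []
    for line in log_text.splitlines():
        client, qname, _qtype = line.split()
        qname = normalize(qname)
        action, _ = resolve_policy(qname)
        results.append((client, qname, action, looks_like_channel(qname)))
    return results


if __name__ == "__main__":
    for client, qname, action, flagged in audit(CONSTRUCTED_LOG):
        mark = "  <-- possible information channel" if flagged else ""
        print(f"{client:<10} {action:<9} {qname}{mark}")
```

With a proxy-only design the workstation resolver should have nothing to ask the outside world, so every refused external query is itself a useful signal, and the entropy check only adds a second look at the names that do turn up; in a real deployment the refusal would be a resolver configuration rather than Python, and the thresholds would be tuned against your own query logs.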
