Home page logo
/

nanog logo nanog mailing list archives

RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: Pyda Srisuresh <srisuresh () yahoo com>
Date: Tue, 15 May 2001 10:41:10 -0700 (PDT)



--- "Vivien M." <vivienm () dyndns org> wrote:
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Pyda Srisuresh
Sent: May 15, 2001 12:03 PM
To: Valdis.Kletnieks () vt edu; Adam McKenna
Cc: nanog () nanog org
Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS


Forcing hostnames and PTR's to match will also prevent people from NAT
land accessing your servers. There are hardly any NAT implementations
that do dynamic DNS updates.

Your NAT implementation must not be the same as the ones I've worked with,
because with the [simple] ones I've seen, you have something like
192.168.0.0/24 all coming out and talking to the world as 1.2.3.4 (the more
elaborate implementations give each private IP a unique outside IP, in which
case you just set up your DNS for each IP. A little more work, perhaps,
but...). Now, if 1.2.3.4 has proper matching forward/reverse DNS lookups, I
don't see how people behind someone else's NAT pose a problem.


Sure, not in the case of NAPT (assuming you have a PTR record set for
1.2.3.4). My point is merely that there may be many cases it is not so
straight forward to do the DNS updates for PTR records.

Vivien
--
Vivien M.
vivienm () dyndns org
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/

cheers,
suresh

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]