OT: Security docs/rfc's/etc?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: OT: Security docs/rfc's/etc?
- From: Tyler Allison <allison_(_at_)_mail_(_dot_)_arc_(_dot_)_nasa_(_dot_)_gov>
- Date: Tue, 10 Oct 2000 11:27:10 -0700
I'm currently fighting a battle with some networking folks that believe by
not registering machines in DNS they are protecting them from attack. Does
anybody know of any documents/RFCs/etc that point out one of the following:
- Registering in DNS is required/recommended to be a "good net citizen"
- Registering in DNS does NOT increase your chances of being attacked,
unless of course your DNS server is incorrectly configured (ie: allows zone
transfers from anybody)
- NOT registering in DNS causes other issues...like difficult to
troubleshoot if router interfaces not registered.
Anything else that might help?
Or...maybe I'm wrong?!?!. I prefer to put something like the following in
an access list:
instead of listing hundreds of networks for company.com. I figure with a
solid, secure, stable, well maintained DNS machine I'm better off and makes
my life easier keeping the ACLs up to date. I understand the risk from
spoofing but since we consider that to be minimal in our environment is
there something else I'm totally overlooking that makes using IPs more
PS: we have other reasons why we require DNS but I'm looking at it from
strictly a security point of view.
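
The message above weighs a domain-name entry in an access list against the spoofing risk; this added example (not part of the original post) shows the forward-confirmed reverse DNS check that a name-based rule depends on. The function names and the sample PTR/A records are constructed for illustration; `company.com` is the placeholder domain from the post.

```python
import socket

def _reverse(ip):
    """PTR names for ip via the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def _forward(name):
    """Addresses for name via the system resolver (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns_allowed(ip, domain, reverse=_reverse, forward=_forward):
    """Allow ip only if a PTR name lies under domain AND that name
    resolves forward to the same ip (forward-confirmed reverse DNS)."""
    suffix = "." + domain.lower().strip(".")
    for name in reverse(ip):
        name = name.lower().rstrip(".")
        # The leading dot keeps host.notcompany.com out of company.com.
        if name.endswith(suffix) and ip in forward(name):
            return True
    return False

# Constructed sample records (documentation address ranges), not real data.
PTR = {
    "192.0.2.10": ["web1.company.com."],       # legitimate host
    "203.0.113.66": ["web1.company.com."],     # PTR claims the name; A record disagrees
    "198.51.100.7": ["host.notcompany.com."],  # look-alike domain
}
A = {
    "web1.company.com": {"192.0.2.10"},
    "host.notcompany.com": {"198.51.100.7"},
}

def demo():
    """Evaluate each sample address against an ACL entry for company.com."""
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: A.get(name, set())
    return {ip: fcrdns_allowed(ip, "company.com", rev, fwd)
            for ip in list(PTR) + ["192.0.2.200"]}

if __name__ == "__main__":
    for ip, ok in demo().items():
        print(ip, "permit" if ok else "deny")
```

The PTR record for an address is controlled by whoever runs that address's reverse zone, so a rule that trusts the PTR name alone would permit 203.0.113.66; the forward lookup is what ties the name back to the domain's own zone.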