
OT: Security docs/rfc's/etc?

I'm currently fighting a battle with some networking folks that believe by not registering machines in DNS they are protecting them from attack. Does anybody know of any documents/RFCs/etc. that point out one of the following:

- Registering in DNS is required/recommended to be a "good net citizen"
- Registering in DNS does NOT increase your chances of being attacked, unless of course your DNS server is incorrectly configured (i.e., allows zone transfers from anybody)
- NOT registering in DNS causes other issues...like difficulty troubleshooting if router interfaces are not registered.

Anything else that might help?

Or...maybe I'm wrong?!?! I prefer to put something like the following in an access list:


instead of listing hundreds of networks for company.com. I figure with a solid, secure, stable, well-maintained DNS machine I'm better off, and it makes my life easier keeping the ACLs up to date. I understand the risk from spoofing, but since we consider that to be minimal in our environment, is there something else I'm totally overlooking that makes using IPs more desirable?

PS: We have other reasons why we require DNS, but I'm looking at it from strictly a security point of view.
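
Added example, not part of the original post: a sketch of how a domain-suffix access-list entry of the kind discussed above can be checked with forward-confirmed reverse DNS, which is the usual mitigation for the PTR spoofing risk the post mentions. The function names, the `.company.com` suffix handling and the sample records are assumptions constructed for illustration; only the `socket` calls are real library APIs.

```python
import socket

def _ptr(ip):
    """Reverse lookup: IP -> claimed hostname (None if there is no PTR record)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _addrs(host):
    """Forward lookup: hostname -> set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def allowed_by_domain(ip, suffix, ptr=_ptr, addrs=_addrs):
    """Return (allowed, reason) for a domain-suffix ACL entry such as '.company.com'."""
    name = ptr(ip)
    if not name:
        return False, "no PTR record"
    name = name.rstrip(".").lower()
    suffix = suffix.lower()
    # Require a label boundary so 'evilcompany.com' does not match '.company.com'.
    if not (name.endswith(suffix) if suffix.startswith(".") else name == suffix):
        return False, "name outside domain"
    # The PTR zone belongs to whoever owns the address block, so the name is only
    # a claim; confirm it with a forward lookup in the zone that is actually trusted.
    if ip not in addrs(name):
        return False, "forward lookup does not confirm PTR"
    return True, "forward-confirmed"

# Constructed sample records (documentation address ranges, hypothetical hosts).
PTR = {"192.0.2.10": "ws1.company.com.",
       "203.0.113.7": "ws1.company.com.",       # PTR claims a name it does not own
       "198.51.100.5": "host.evilcompany.com."}
FWD = {"ws1.company.com": {"192.0.2.10"},
       "host.evilcompany.com": {"198.51.100.5"}}

def demo():
    """Evaluate four constructed clients against the '.company.com' entry."""
    return {ip: allowed_by_domain(ip, ".company.com", PTR.get,
                                  lambda h: FWD.get(h, set()))
            for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.5", "192.0.2.99")}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

Note that under this check a machine with no DNS registration is simply denied, since it has no PTR record to match against the entry.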