On Fri, 28 Sep 2007, Paul Wouters wrote:
> On Fri, 28 Sep 2007, Dean Anderson wrote:
>
> > Maybe it's not mentioned because it's not a practical solution. But
> > whatever the reason it isn't mentioned, a 25 million user VPN is not
> > going to happen with 10/8. A Comcast person recently complained
>
>
> --On Friday, 28 September, 2007 09:48 +1000 Mark Andrews
> <[EMAIL PROTECTED]> wrote:
>
> >...
> >> It's not. Even without IPv6, having search domains means you
> >> can get unexpected results. If that's not acceptable, don't
> >> complain, but put a period behind your FQDNs.
> >
> >
On Fri, 28 Sep 2007, Dean Anderson wrote:
> Maybe it's not mentioned because it's not a practical solution. But
> whatever the reason it isn't mentioned, a 25 million user VPN is not
> going to happen with 10/8. A Comcast person recently complained on PPML
> that there wasn't enough RFC1918 space fo
On 28-Sep-2007, at 1516, Dean Anderson wrote:
Not widely supported in clients. Therefore, not a solution.
In fact, it's quite feasible in operating systems which can run a
local instance of (say) BIND9. It would be fair to say that
installing and configuring BIND9 on an average laptop is
On Fri, 28 Sep 2007, Stephane Bortzmeyer wrote:
> On Thu, Sep 27, 2007 at 06:45:55PM -0700,
> Paul Hoffman <[EMAIL PROTECTED]> wrote
> a message of 36 lines which said:
>
> > It ignores one of the main reasons that many organizations purposely
> > choose to provide recursive lookup to the publ
At 12:04 PM -0400 9/28/07, Joe Abley wrote:
On 28-Sep-2007, at 1136, Paul Hoffman wrote:
It is not "obvious", at least to some of the people I have spoken
with. It is also not obvious to VPN vendors; otherwise, they would
have easy-to-use settings to make it happen.
I'm surprised by that com
On Fri, 28 Sep 2007, Joe Abley wrote:
> I'm surprised by that comment.
>
> I think it's a common use case that organisations who deploy VPNs have split
> DNS; that is, namespaces available through internal network resolvers that do
> not appear in the global namespace. In my experience, it is norm
On Fri, 28 Sep 2007, Jaap Akkerhuis wrote:
> There are two major reasons for an organization to not want roaming
> users to trust locally-assigned DNS servers.
>
> Open recursive servers don't help against man in the middle
> attacks. If you want to avoid that use VPNs or (for DNS) T
On 28-Sep-2007, at 1136, Paul Hoffman wrote:
It is not "obvious", at least to some of the people I have spoken
with. It is also not obvious to VPN vendors; otherwise, they would
have easy-to-use settings to make it happen.
I'm surprised by that comment.
I think it's a common use case that
At 9:19 AM +0200 9/28/07, Stephane Bortzmeyer wrote:
On Thu, Sep 27, 2007 at 06:45:55PM -0700,
Paul Hoffman <[EMAIL PROTECTED]> wrote
a message of 36 lines which said:
> It ignores one of the main reasons that many organizations purposely
choose to provide recursive lookup to the public, na
--On Friday, 28 September, 2007 09:48 +1000 Mark Andrews
<[EMAIL PROTECTED]> wrote:
>...
>> It's not. Even without IPv6, having search domains means you
>> can get unexpected results. If that's not acceptable, don't
>> complain, but put a period behind your FQDNs.
>
> Please state wer
There are two major reasons for an organization to not want roaming
users to trust locally-assigned DNS servers.
Open recursive servers don't help against man in the middle
attacks. If you want to avoid that use VPNs or (for DNS) TSIG.
I seem to remember that the ID actually
It does indeed as Stephane pointed out.
Opening up your resolver so you can serve roaming users, without
further protection, is, at best, naive.
Joao
On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:
There are two major reasons for an organization to not want
roaming
users to tru
--On Thursday, 27 September, 2007 18:45 -0700 Paul Hoffman
<[EMAIL PROTECTED]> wrote:
> The Security Considerations section for this document is much
> too narrow. It ignores one of the main reasons that many
> organizations purposely choose to provide recursive lookup to
> the public, namely for
The Security Considerations section for this document is much too
narrow. It ignores one of the main reasons that many organizations
purposely choose to provide recursive lookup to the public, namely
for their own roaming users. Without an open, known-good nameserver
at a fixed address, roaming
On Thu, Sep 27, 2007 at 06:45:55PM -0700,
Paul Hoffman <[EMAIL PROTECTED]> wrote
a message of 36 lines which said:
> It ignores one of the main reasons that many organizations purposely
> choose to provide recursive lookup to the public, namely for their
> own roaming users.
No, it is *not* ig