[dns-operations] dns mud report, continued
Roland Dobbins
rdobbins at cisco.com
Sun Nov 18 16:12:53 UTC 2007
On Nov 18, 2007, at 7:54 AM, Paul Vixie wrote:
> rfc 1918 advises folks to use "split horizon dns" (i know because i
> contributed some text about it) but
> it's somewhat clear from this small snapshot that folks aren't
> reading rfc's
Irrespective of the use of RFC1918, I always advise end-sites to use
split-horizon for nodes which aren't meant to be publicly accessible
simply to avoid leaking potentially useful information to an external
attacker. But in my personal experience, I've found that the
overwhelming majority of sites which could benefit from split-horizon
don't know what it is and therefore haven't implemented it.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
More information about the dns-operations
mailing list