[dns-operations] A DNS and network security forced marriage
Andrew Sullivan
ajs at shinkuro.com
Fri Mar 12 19:59:52 UTC 2010
On Fri, Mar 12, 2010 at 11:49:27AM -0800, Matthew Dempsky wrote:
> statically configured DNS server. This doesn't require extra work
> "every time you reconnect"; just once when you set it up.

Yes, if the client is sane. But if you have a bunch of bodged-up
stuff assembled from the kind of garbage one sometimes has, the client
is not always so sane.

Moreover, in general there isn't a pre-emptive way of making this
change, because if you're an innocent customer of an ISP and they
start mangling your DNS, you have no warning because you didn't change
anything & had no reason to suppose things would break.

I am not one of those people who thinks that there's a religious issue
here. I just think that bland assurances that it's all easy and works
perfectly are disingenuous. There are problems, and some of them are
annoying to fix -- especially because for the customer they often
involve waiting on hold for long periods of time waiting to get a help
desk person (who, often as not, didn't get the memo about DNS mangling
either, so doesn't know what one is talking about).

A

--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.