[dns-operations] A DNS and network security forced marriage

Andrew Sullivan ajs at shinkuro.com
Fri Mar 12 19:59:52 UTC 2010


On Fri, Mar 12, 2010 at 11:49:27AM -0800, Matthew Dempsky wrote:
> statically configured DNS server.  This doesn't require extra work
> "every time you reconnect"; just once when you set it up.

Yes, if the client is sane.  But if you have a bunch of bodged-up
stuff assembled from the kind of garbage one sometimes has, the client
is not always so sane.

Moreover, in general there isn't a pre-emptive way of making this
change, because if you're an innocent customer of an ISP and they
start mangling your DNS, you have no warning because you didn't change
anything & had no reason to suppose things would break.

I am not one of those people who thinks that there's a religious issue
here.  I just think that bland assurances that it's all easy and works
perfectly are disingenuous.  There are problems, and some of them are
annoying to fix -- especially because for the customer they often
involve waiting on hold for long periods of time waiting to get a help
desk person (who, often as not, didn't get the memo about DNS mangling
either, so doesn't know what one is talking about).

A

-- 
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.


