On Thu, 2006-04-20 at 11:34 -0400, David B Harrington wrote: > Hi, > > I also have concerns about depending on DNS. > > I want to be sure I understand what you are suggesting as an > alternative. > Is the mapping from IP to hostname operator-defined in a static way? > > What happens, network-management-wise, when an IP address changes for > a given host, or more importantly, is reissued to a different host?
I would say that the client should be configured to log to log://loghost.domain/ instead of logging to an IP address. (maybe we can also define an URL format, but not necessarily) In this case the name of the host is in the URL, and this is what the certificate should be compared against. This way we only rely on the DNS to forward-resolve hostnames which should work. -- Bazsi _______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
