On 10/24/2009 02:45:04 PM, James Yonan wrote:

> Having said that, your bug report seems more like a feature request 
> since routing commands/APIs generally do not support DNS A-record 
> expansion as a standard feature.

My favorite firewall/packet redirector, pf, does.  (It runs on the
BSDs.)  I find that using DNS names makes configuration files
very, very much more readable.

Of course, care is required to ensure that the names
will resolve whenever required.  The basic trick is to run
a slave nameserver for those zones you care about on the
firewall/router, be sure that the slave server expiration
is "long enough", and never use DNS names that are not
resolvable by the local nameserver.  So long as your
nameserver is working you have config files that are
human readable -- a trade-off I find well worth it.


Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
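
An added example, not part of the message above and not pf's own tooling: a pre-load check that every DNS name in a pf-style ruleset resolves through the host's resolver, which is assumed to point at the local slave nameserver. The sample ruleset, the function names and the injectable `resolve` parameter are constructed for illustration.

```python
import re
import socket

# Hostname: dot-separated labels ending in an alphabetic label, so IPv4 literals are excluded.
HOSTNAME = re.compile(
    r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def hostnames_in(config_text):
    """Return the DNS names used in a ruleset, lowercased, in first-seen order."""
    seen = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]              # drop comments
        for token in re.split(r"[\s{},()\"]+", line):
            token = token.rstrip(".").lower()
            if HOSTNAME.fullmatch(token) and token not in seen:
                seen.append(token)
    return seen

def system_resolver(name):
    """Resolve via the host's configured resolver (assumed: the local slave nameserver)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})

def unresolved(config_text, resolve=system_resolver):
    """Names that fail to resolve; an empty list means the ruleset is safe to load."""
    failed = []
    for name in hostnames_in(config_text):
        try:
            if not resolve(name):
                failed.append(name)
        except OSError:                           # socket.gaierror is an OSError subclass
            failed.append(name)
    return failed

# Constructed sample ruleset (not from the original message).
SAMPLE = """\
ext_if = "em0"
table <admins> { ns1.example.com, 192.0.2.10 }
pass in on $ext_if proto tcp from <admins> to any port 22
pass out on $ext_if proto tcp from any to mail.example.com port 25  # relay
pass out on $ext_if proto tcp from any to typo.exmaple.invalid port 443
"""

if __name__ == "__main__":
    missing = unresolved(SAMPLE)
    print("unresolvable names:", missing or "none")
    raise SystemExit(1 if missing else 0)
```

Run before reloading the ruleset, the non-zero exit status lets a wrapper script keep the previous rules in place when a name is missing from the local zones.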

