-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodolfo J. Paiz wrote:
>>when a machine whose DHCP_HOSTNAME is caspar is assigned 192.168.1.11, >>DNS gets changed so that 192.168.1.11 resolves to caspar.spotnet.org. >>Well, ok, but this is only going to work in very limited circumstances >>- -- i.e., a small, private network where you alone control DNS caching, >>which you say is the case for you, >(say, the boss gets a new computer and the hostname/MAC address changes but >he still wants to share his Zip drive) and this *is* important to millions >of people. Boss is still going to have to configure a hostname, and it's not much more work than that to set the IP address. >Yeah, sort of... take another example. I regularly host Counterstrike and >Quake games at my house. Four people at the dinner table, two in the living >room, three outside at a table, all new to the house. It would be freaking >*great* to "ping bob" or know that Jane is the Quake server without >reconfiguring my network. *lol* ... I guess it's all about priorities, Brother Paiz. >I do not believe this kind of thing has any use being on public networks. >However, the number of private networks for which this would be considered >a gift from Heaven is stunning. And it would (should) be considered a grave security breach on said networks. I hope you're not using NFS, for example, because if you're allowing clients to modify DNS in an environment which uses host-based auth, you're in deep doodoo. Ditto if you're using SSH, which won't know which way is up because it cannot correlate a key with an address when they're dynamic, which means you get to train your users to ignore the key warnings and make themselves vulnerable to MitM attacks. >Note that easier administration of stuff like this also lowers TCO and >helps to reduce the bar people need to jump over when moving to Linux >while *not* reducing functionality. It's an option, and a damn good >one. I'm all for those goals, but I think there are better and safer ways to meet them. The idea of dynamic DNS for resource servers gives me the willies. But like I said, whatever makes you Quake. ;-) - -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPLOamL9BpdPKTBGtEQKJAACg/ug84VXc86ZbVHDAHBTACMoZ064AoK6n OOS8RQUe0hxwHQDA7xoSXmo2 =irS2 -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
