Hai all,
The current draft (08) does require a DNS query to find syslog-relay:
Devices and relays SHOULD discover relays and
collectors via the DNS SRV algorithm [7].
Although, this feature can be "handy"; it can be unsafe to.
It simply means that the (real of hacked) administrator of the
appropriate DNS-domain (or zone) *can control* or *change* the path
that syslog-messages will follow. At least some kind of DoD becomes
possible.
Note: "SHOULD" does not make a requirement, strictly speaking. But
it's close. I don't think this feature is part of the protocol. It's a
feature of a tool. So at most it should be formulated as "RECOMMENDED"
Naturally, it's just myOpinion -- ALbert
---GAM
"This should be a jolly quote"
====
Do NOT send MS-Word or other MS-bits to me!
I can read them now, but I still don't like it.
