[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Search domains in our environment (Proposal)



On Dec 19, 2007 4:06 PM, Mike McGrath <mmcgrath redhat com> wrote:
> Mike McGrath wrote:
> > Comments?  +1's?  -1's?  I'm basically going for ease of use among the
> > admins and since most people "ssh puppet1" instead of "ssh
> > puppet1.fedora.phx.redhat.com" I think in our diverse environment it
> > will be worth it and is easier then hosting a separate DNS server in
> > each of our locations.
>
>
> I forgot to mention one other concern.  A MitM attack or DNS poisoning.
> This possibility does exist, but exists in our environment as is
> anyway.  This is something we should look at mitigating but other than
> running a DNS server at every site, I'm not totally sure how to fix it.
> I consider all of our donations as partnerships.  After all, they have
> local access to the box.  At the same time though it is something we
> should count as a risk and mitigate as much as possible.
>

As far as I can tell the only way to lower the risk of DNS poisoning
is local DNS servers. Having them getting DNS files from a central
host via a signed methodology would be not much different than
/etc/hosts except you can use other tricks and failovers


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]