Re: [fw-wiz] DNS records for a firewall NAT pool

From: Jim McAtee (jmcatee_at_mediaodyssey.com)
Date: 07/29/03

  • Next message: Barney Wolff: "Re: [fw-wiz] DNS records for a firewall NAT pool"
    To: "Pollock, Joseph" <PollockJ@evergreen.edu>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 29 Jul 2003 10:45:48 -0600
    
    

    I can't think of any negative implications of pointing names at those addresses.
    Most network probes are likely to be done by programs or people enumerating IP
    addresses, so you're no more (and no less) visible to the world by doing so.

    ----- Original Message -----
    From: "Pollock, Joseph" <PollockJ@evergreen.edu>
    To: <firewall-wizards@honor.icsalabs.com>
    Sent: Monday, July 28, 2003 3:51 PM
    Subject: [fw-wiz] DNS records for a firewall NAT pool

    > What DNS records are appropriate for addresses in a firewall NAT pool?
    >
    > We have long provided dummy PTR records for the addresses to deal with
    > software that does a reverse lookup. We have not configured matching A
    > records, feeling it was inappropriate and likely in conflict with, for
    > example, RFC 2182, since the hosts are not directly reachable.
    >
    > We are suddenly faced with a researcher who cannot connect to a well-known
    > database. The site tells me they use TCPWrappers in a manner that requires
    > matching forward and reverse lookups to pass the connection on to the
    > server.
    >
    > We could, of course, configure a static NAT entry for the two hosts
    > required; my management prefers to not do this for a variety of reasons.
    >
    > What are the implications of populating our DNS server with matching dummy A
    > records for all of our firewall pool?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
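
Added example, not part of either message: a sketch of the matching forward and reverse lookup that the thread says the database site requires, together with a generator for matching dummy PTR and A records for a pool. The pool 192.0.2.0/29, the zone example.edu, the "nat-" naming scheme and all function names are assumptions chosen for illustration, and the lookups run against in-memory dictionaries rather than a live resolver.

```python
import ipaddress

def pool_records(cidr, zone, prefix="nat"):
    """Build matching dummy PTR and A records for every host address in a pool."""
    ptr, a = {}, {}
    for ip in ipaddress.ip_network(cidr).hosts():
        name = f"{prefix}-{str(ip).replace('.', '-')}.{zone}."
        ptr[ip.reverse_pointer + "."] = name   # e.g. 3.2.0.192.in-addr.arpa.
        a[name] = [str(ip)]
    return ptr, a

def fcrdns_ok(client_ip, ptr, a):
    """Forward-confirmed reverse lookup: PTR(address) -> name, then the
    A records for that name must contain the original address."""
    owner = ipaddress.ip_address(client_ip).reverse_pointer + "."
    name = ptr.get(owner)
    if name is None:
        return False                      # no reverse record at all
    return client_ip in a.get(name, [])   # missing or mismatched A record fails

def zone_lines(ptr, a):
    """Render both record sets in zone-file style for review."""
    lines = [f"{owner} IN PTR {target}" for owner, target in ptr.items()]
    lines += [f"{name} IN A {addr}" for name, addrs in a.items() for addr in addrs]
    return lines

if __name__ == "__main__":
    # Constructed sample data: documentation address range, hypothetical zone.
    ptr, a = pool_records("192.0.2.0/29", "example.edu")
    print("PTR only:        ", fcrdns_ok("192.0.2.3", ptr, {}))
    print("PTR + matching A:", fcrdns_ok("192.0.2.3", ptr, a))
    print("\n".join(zone_lines(ptr, a)))
```

With PTR records alone the check fails for every pool address; it passes only once each PTR target has an A record that resolves back to the same address.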

