On Fri, 28 Sep 2007, Jaap Akkerhuis wrote:
There are two major reasons for an organization to not want roaming
users to trust locally-assigned DNS servers.
Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.
On Fri, 28 Sep 2007, Dean Anderson wrote:
Maybe its not mentioned because its not a practical solution. But
whatever the reason it isn't mentioned, a 25 million user VPN is not
going to happen with 10/8. A comcast person recently complained on PPML
that there wasn't enough RFC1918 space for
On Fri, 28 Sep 2007, Joe Abley wrote:
I'm surprised by that comment.
I think it's a common use case that organisations who deploy VPNs have split
DNS; that is, namespaces available through internal network resolvers that do
not appear in the global namespace. In my experience, it is normal
On Fri, Sep 28, 2007 at 05:29:43PM -0400, Paul Wouters wrote:
On Fri, 28 Sep 2007, Dean Anderson wrote:
Maybe its not mentioned because its not a practical solution. But
whatever the reason it isn't mentioned, a 25 million user VPN is not
going to happen with 10/8. A comcast person
Joao == Joao Damas [EMAIL PROTECTED] writes:
Joao It does indeed as Stephane pointed out. Opening up your
Joao resolver so you can server roaming users, without further
Joao protection, is, at best, naive.
I'd appreciate it if you took Paul's comments a lot more seriously and
As for the TSIG or SIG(0) recommendation, I'm not sure what
the numbers are for client support today, but I suspect it's at
best an negligible sample.
Well all Windows XP/2003/Vista boxes can be configured to
support TSIG, with free software, if not natively.
All
On Oct 1, 2007, at 7:42 PM, Mark Andrews wrote:
As for the TSIG or SIG(0) recommendation, I'm not sure what
the numbers are for client support today, but I suspect it's at
best an negligible sample.
Well all Windows XP/2003/Vista boxes can be configured to
support TSIG,
On Oct 1, 2007, at 7:42 PM, Mark Andrews wrote:
As for the TSIG or SIG(0) recommendation, I'm not sure what
the numbers are for client support today, but I suspect it's at
best an negligible sample.
Well all Windows XP/2003/Vista boxes can be configured to
support TSIG,
It does indeed as Stephane pointed out.
Opening up your resolver so you can server roaming users, without
further protection, is, at best, naive.
Joao
On 28 Sep 2007, at 12:15, Jaap Akkerhuis wrote:
There are two major reasons for an organization to not want
roaming
users to
On 28-Sep-2007, at 1136, Paul Hoffman wrote:
It is not obvious, at least to some of the people I have spoken
with. It is also not obvious to VPN vendors; otherwise, they would
have easy-to-use settings to make it happen.
I'm surprised by that comment.
I think it's a common use case that
At 12:04 PM -0400 9/28/07, Joe Abley wrote:
On 28-Sep-2007, at 1136, Paul Hoffman wrote:
It is not obvious, at least to some of the people I have spoken
with. It is also not obvious to VPN vendors; otherwise, they would
have easy-to-use settings to make it happen.
I'm surprised by that
On 28-Sep-2007, at 1136, Paul Hoffman wrote:
It is not obvious, at least to some of the people I have spoken
with. It is also not obvious to VPN vendors; otherwise, they would
have easy-to-use settings to make it happen.
I'm surprised by that comment.
I'm not. As it happens I've used
On 28-Sep-2007, at 1516, Dean Anderson wrote:
Not widely supported in clients. Therefore, not a solution.
In fact, it's quite feasible in operating systems which can run a
local instance of (say) BIND9. It would be fair to say that
installing and configuring BIND9 on an average laptop is
13 matches
Mail list logo
