Re: Split dns issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Drew wrote:
>> It's a bit of bad form to use NAT and private addresses at all because the
>> internet really wasn't designed to be segmented, but everyone does it.
> 
> Why is NAT bad form?

I don't mean to imply it shouldn't be used - it is pretty much a necessary evil 
now, but it doesn't fit the original IP design very well.

>>From my standpoint as an admin, private IP's & NAT are another tool to
> help secure my network. You can't attack what you can't see and even a
> misconfigured router or firewall won't expose my network to prying
> eyes.
> 

There are small problems like often needing split DNS, not being able to offer 
public services easily, not being able to track the source addresses 
meaningfully in logs, etc., but the real killer comes when your large 
organization merges with another using the same private address range and you 
need to connect the networks.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux