Am 22.03.2014 03:21, schrieb Lennart Poettering: > On Sat, 22.03.14 01:20, Miloslav Trmač (mitr@xxxxxxxx) wrote: >> DNS queries can't really be done within the firewall (and due to the >> circular dependency between having the firewall up before allowing access >> to the network and needing access to the network to resolve DNS names, they >> can't even be used in the on-disk firewall configuration). Having a single >> centralized name->IP address repository instead of having a redundant copy >> in each host, and having the configuration use readable names instead of IP >> addresses, makes some difference in usability and management overhead. > > This is supposedly security functionality. You shouldn't build your > security functionality on top of DNS. If you do, then you gain no > security in your world one thing rules all true in the world of *layered* security not true
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
