Reverse lookups not working when Internet connection failed.
Fred Morris
m3047 at m3047.net
Mon Nov 7 16:45:29 UTC 2022
Don't kid yourself. This is wishing for a security outcome which will
never reach fruition because of asymmetric interests and capabilities.
On Sun, 6 Nov 2022, Grant Taylor via bind-users wrote:
> [...]
> I find that $CLIENTNAME or some other stand in for the client is a potential
> for information lek.
The PUBLIC DNS is not secure against eavesdropping or parallel
construction and never will be. Just like the destruction of whois (never
was a good tool) doesn't prevent reconstruction of people's networks.
People like me get paid a lot of money to see that this is so, and at
least in some cases I remain convinced it's a good enough idea I don't
care what people think about it. I even offer software to accomplish this
for free on the internet; I even leverage features of e.g. BIND to do
this.
I can make arguments for being generic, or provider centric, or customer
centric; I can also make arguments for outright lying. Hey, choose your
own adventure; other people will judge you accordingly.
--
Fred Morris, internet plumber
More information about the bind-users
mailing list