Firewalls: Why assign names to *everyone* ?

Firewalls
(September 1994)

Indexed By Thread: [Previous] [Next]

Subject:	*Why assign names to everyone* ?**
From:	fin @ unet . umn . edu
Date:	Tue, 6 Sep 94 09:14:23 -0400
To:	padgett @ tccslr . dnet . mmc . com
Cc:	"firewalls @ greatcircle . com"@uvs1.dnet.mmc.com

   >However, they still need names in the DNS so that they can X/Windows
   >and FTP _out_.

   Do not understand, why do you need to assign *names* ? We have several thousand
	...

By "name" I mean a text string with an A record, and a corresponding
PTR record that points back to the same text string.  I do _not_ mean
to imply that this string is particularly meaningful in isolation.

I would hope that the FTP case would be obvious and understood by all.

Some X/Windows systems _appear_ to take the IP address of the other
end of the connection, turn it into a name (via PTR), then later turn
it back into an address.  They, of course, expect the same address
that they started with.

I say _appear_ to because when we ran into this (we used to have our
dynamic pools as 25 addresses per one name), many X sessions would not
work properly.  Changing the DNS to one address per name fixed this
problem.  It may have had another cause (life is short and debugging
time is too).

Craig

Indexed By Date	Previous:	Brixton PPP as a packet filter From: smartin @ fujitsu . ca (Steve Martin)
Indexed By Date	Next:	Re: netfind From: doug @ seas . smu . edu (Doug Davis)
Indexed By Thread	Previous:	*Why assign names to everyone* ?** From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Indexed By Thread	Next:	Router Filter Testing From: Michael Laufer <mlaufer @ BBN . COM>