mDNS/LLMNR was Re: [BBLISA] openldap recipe(s)
Dean Anderson
dean at av8.com
Sat Nov 8 18:52:21 EST 2008
On Fri, 7 Nov 2008, Michael Tiernan wrote:
> On Fri, Nov 7, 2008 at 4:37 PM, Dean Anderson <dean at av8.com> wrote:
> > Don't use .local
>
> Ok. I see the logic of the argument. Someone smarter than I (not that
> this was difficult) suggested to me that if you have a network where
> each machine has two NICs that it's "a good idea" to use
> [traditional?] names for the front ends and ".local" for the backends.
>
> The front end being isolated may respond to "myspecialdbs.example.com"
> but the backend, which you don't want any outsiders touching is
> "myspecialdbs.local". This is what management systems, backup, etc.,
> would look at/for when they need to reach these interfaces. (Usually
> on an RFC1918 restricted address model.)
The above all seems quite reasonable to me. I agree that .local was a
good idea. But that argument was not accepted by the IETF in 1999, and
unfortunately I wasn't participating in the IETF back then because some
certain personalities had only insults and I thought I had better things
to do than fight with them. (yes, I was wrong about that)
> His arguments seemed to make sense and I am not savvy enough to sort
> out the positives vs negatives on this. The URLs Mr Anderson provides
> all seem to indicate that it's only a bad idea if you want
> myspecialdbs.local to be "in a search path" but what if, as the
> example above, you want all traffic to be "front-end-oriented" except
> by specific use of the ".local" suffix meaning "go to the back end"?
Yep. Except that to use .local, it must be in your own search path. M$
has gone ahead and used .local anyway, but I don't think its a real good
idea.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the bblisa
mailing list