From: Da Rock
To: freebsd-questions@freebsd.org
Date: Thu, 18 Dec 2008 07:04:48 +1000
Subject: Re: Publishing information via DNS

On Wed, 2008-12-17 at 19:07 +0100, Wojciech Puchar wrote:
> > Someone needs to invent and promote a TextualDatagramPublicationProtocol or
> > TDPP because DNS has been abused for publishing non DNS data for too long.
> > Continuing to use DNS for things it was never intended to do will only cloud
> > the issue and delay implementation when the internet decides to take DNS
> > security seriously.
> >
> where do you see security issue of that? except that someone voluntarily
> publish his/her private data this way - but it won't be DNS security
> problem but his/her problem

I'm not pretending to be any kind of expert in this, but as with any software not used as it should it does get cloudy. Security in DNS is already an issue with care to be taken in who can see what and how it gets updated or what not - particularly with slave DNS' involved. I can't say what security issues it would raise, but I wouldn't be implementing anything like that myself for the same reasons. I'd stick to hostnames and maybe services which it was designed for.