I think we may be talking past each other. I was referring to (client) machine
trust accounts inside of AD, not hostnames in DNS.
I now think you are referring to the latter. I can see how that can work.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME cryptographic signature
__
On Jun 27, 2018, at 12:27 PM, Darcy Kevin (FCA)
wrote:
> I’m not convinced DNS has any valuable role to play here.
I can see the value for services that have FQDNs that resolve to IP addresses
outside of their ASN(s) like Google / YouTube.
--
Grant. . . .
unix || die
smime.p7s
Description:
On Jun 27, 2018, at 11:59 AM, Dale Mahalko wrote:
> Guessing the potential background domains used by Microsoft / Steam, etc and
> monitoring bandwidth used by those domains is unfortunately the only option
> available.
If you can get information on the IP addresses associated with their ASN(s)
IANAL, but even if one considers this scenario to constitute a DDoS attack, and
there is plenty of case law supporting prosecution under CFAA (Computer Fraud
and Abuse Act) for DDoS attacks, CFAA generally requires *intent*, and this
appears to be simple negligence.
"Trespass to chattel" might
Domain Controllers certainly need to have their hostnames registered in the AD
domain, but regular domain-joined members do *not*. We've been running AD for
decades, without registering members in the AD domain. Works fine. Instead, we
get our (non-Microsoft) DHCP servers to register dynamic cli
We do something somewhat similar with our LAN. We have a new cable
connection and an old DSL connection. The cable is 60x faster, but has
a dynamic IP and blocks various ports (esp. 25), so we keep the DSL so
we can send email directly etc.
Obviously, we don't want to stream video or even do much
Traffic shaping is not my area of expertise, but from what I understand, at a
minimum it can classify different kinds of traffic, based on more reliable
metrics than DNS name. I was assuming (perhaps incorrectly), that its output
(QoS markings or CoS or whatever) could then be used in a degenera
On Wed, Jun 27, 2018 at 12:27 PM, Darcy Kevin (FCA) <
kevin.da...@fcagroup.com> wrote:
> I’m not convinced DNS has any valuable role to play here. Seems like this
> is a traffic-shaping challenge; maybe one of the open source traffic
> shaping tools would fit the bill.
>
A Google search for multi
Due to the fact that I don't have the ability to program this experiment
myself without spending a couple more years to improve my coding skills,
could I interest anyone else here to do the programming work?
I would prefer someone who is associated with ISC who sounds like they
already know the co
I’m not convinced DNS has any valuable role to play here. Seems like this is a
traffic-shaping challenge; maybe one of the open source traffic shaping tools
would fit the bill.
There is no way to know if this is the "right" or "wrong" approach without
actually trying it and see what happens.
Guessing the potential background domains used by Microsoft / Steam, etc
and monitoring bandwidth used by those domains is unfortunately the only
option available. It's not like any
Hmmm... My understanding was that the only requirement was that the DNS
server pointed to by the AD DC (in this case the AD is managed by SAMBA)
had to be authoritative for the domain in DNS which represented the
matching AD domain. This was a common holy war between MCSE folks and Bind
groupies.
On Tue, Jun 26, 2018 at 12:45 PM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
Are you saying that you want to dynamically update routes to IPs resolved
in real time to specific host / domain names? Such that traffic to
specific hosts / domain names is routed over DSL? With th
@all
I still do not see any relevant point that will take the DNS authority
leaving the AD and do something to resolve your queries. As the wiki says,
security is essential and you do not have to risk it and let the data be
compromised.
And remember, I'm at an education institute with courses in
14 matches
Mail list logo
