314

It's easier to remember the IPs of good DNSes, too. (lemmy.sdf.org)

submitted 2 months ago* (last edited 2 months ago) by lambalicious to c/programmer_humor@programming.dev

187 comments fedilink hide all child comments

Today in our newest take on "older technology is better": why NAT rules!

you are viewing a single comment's thread
view the rest of the comments

[-] Tja@programming.dev -3 points 2 months ago

Con: you are now even more dependent on DNS, increasing the blast radius even more ~~if~~ when it breaks.

[-] sep@lemmy.world 6 points 1 month ago

But DNS rarely break. The meme about it beeing DNS's fault is more often then not just a symptom of the complexity of IPv4 NAT problem.

If i should guesstimate i think atleast 95% of the dns issues i have ever seen, are just confusion of what dns views they are in. confusion of inside and outside nat records. And forgetting to configure the inside when doing the outside or vice verca. DNS is very robust and stable when you can get rid of that complexity.

That beeing said, there are people that insist on obscurity beeing security (sigh) and want to keep doing dns views when using IPv6. But even then things are much easier when the result would be the same in either view.

[-] Mr_Dr_Oink@lemmy.world 2 points 1 month ago

That beeing said, there are people that insist on obscurity beeing security (sigh) and want to keep doing dns views when using IPv6. But even then things are much easier when the result would be the same in either view.

OMG!!

This guys a bee! Everybody run!!!!

[-] Tja@programming.dev 2 points 1 month ago

I broke DNS plenty of times in my homelab independent from NAT. In the last few months:

didn't turn off DNS server in a wifi router set up as bridged access point
dnsmasq failing to start because I removed an interface
dnsmasq failing to start because the kernel/udev didn't rename an interface on time
dnsmasq failing to start because hostapd error didn't set proper interface settings
forgot to remove static DNS entries in /etc/hosts used for testing
forgot to remove DNS entries from /etc/resolve.conf after visiting a friend and working on his setup

Yes, most of them is my dumb ass making mistakes, but in the end it's something that constantly breaks and it helps knowing the IP addresses of my servers and routers.

Aditionally, obscurity is a security helper. The problem is relying only on obscurity. But if I have proper firewall rules in place and strong usernames and passwords I still prefer if you don't even know the IP addresses of my servers on top of that (in case I break some of the other security layers).

this post was submitted on 19 Jun 2024

314 points (85.5% liked)

Programmer Humor

18917 readers

342 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

Vacant@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev