SRV records etc

Glenn Satchell glenn.satchell at uniq.com.au
Fri Feb 13 07:23:52 UTC 2015


RFC 1912 says about HINFO records:

"2.6.2 HINFO
On the issue HINFO records, some will argue that these is a security
problem (by broadcasting what vendor hardware and operating system you so
people can run systematic attacks on known vendor security holes). If you
do use them, you should keep up to date with known vendor security
problems. However, they serve a useful purpose. Don't forget that HINFO
requires two arguments, the hardware type, and the operating system.

HINFO is sometimes abused to provide other information. The record is
meant to provide specific information about the machine itself. If you
need to express other information about the host in the DNS, use TXT."

To me it would seem that HINFO is not the appropriate record for DNS
fingerprints anyway.

regards,
-glenn

On Fri, February 13, 2015 5:04 am, Cuttler, Brian (HEALTH) wrote:
>
> Misspoke, and not critical to the original thread, but for completeness.
>
> Taking a second look, dynamic DNS does not use HINFO records for the
> machine fingerprint; it uses TXT records.
>
> I can't find anything that says it (HINFO) has been officially deprecated,
> nor do I find anything that says it's really used by anyone anymore.
>
>
> -----Original Message-----
> From: Cuttler, Brian (HEALTH)
> Sent: Wednesday, February 11, 2015 9:28 AM
> To: 'Barry Margolin'
> Subject: RE: SRV records etc
>
> HINFO records seem to be used by dynamic DNS to store fingerprints for
> machines, so if a specific machine's information changes, the dhcp server
> will be able to recognize and delete stale records.
>
> To the original point, we have some SVC records here, they seem to work
> well and have not given trouble other than # nslint not knowing what they
> are.
>
> Does anyone know of a new/updated nslint?
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Barry Margolin
> Sent: Tuesday, February 10, 2015 9:14 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: SRV records etc
>
> In article <mailman.1603.1423618610.26362.bind-users at lists.isc.org>,
>  Kevin Oberman <rkoberman at gmail.com> wrote:
>
>> HINFO is getting pretty rare. The security issues are pretty obvious
>> and its advantages are rather limited.
>
> I thought they were deprecated ages ago, but I can't find anything
> official about that.
>
> --
> Barry Margolin
> Arlington, MA




More information about the dhcp-users mailing list
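
Added example, not part of the thread or of RFC 1912: a small zone-file audit that lists every HINFO record, reporting what hardware and operating system it publishes and flagging records that lack the two required fields. The sample zone is constructed, and the parser assumes one record per line (no parenthesised multi-line records).

```python
import re
import shlex

# Constructed sample zone fragment for illustration only.
SAMPLE_ZONE = '''\
$ORIGIN example.test.
; hosts
host1   3600 IN HINFO "PC-x86" "SunOS 4.1.3"
host2        IN HINFO PC                ; only one field
host3        IN TXT   "rack 12; contact ops"
             HINFO "x86_64" "Linux"
www          IN A     192.0.2.10
'''

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+", re.IGNORECASE)  # 3600, 1h, 1h30m

def tokens(line):
    """Split one master-file line, honouring "quoted strings" and ; comments."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = ";"
    lex.quotes = '"'
    return list(lex)

def audit_hinfo(zone_text):
    """Return (owner, status, detail) for each HINFO record in zone_text."""
    findings, owner = [], None
    for line in zone_text.splitlines():
        toks = tokens(line)
        if not toks or toks[0].startswith("$"):
            continue                      # blank, comment or directive
        if not line[0].isspace():         # leading blank = same owner as before
            owner, toks = toks[0], toks[1:]
        while toks and (toks[0].upper() in CLASSES or TTL.fullmatch(toks[0])):
            toks = toks[1:]               # skip optional TTL and class
        if not toks or toks[0].upper() != "HINFO":
            continue
        rdata = toks[1:]
        if len(rdata) == 2:               # hardware type, then operating system
            detail = f"hardware={rdata[0]!r} os={rdata[1]!r}"
            findings.append((owner, "discloses", detail))
        else:
            detail = f"expected 2 fields, got {len(rdata)}"
            findings.append((owner, "malformed", detail))
    return findings

if __name__ == "__main__":
    for owner, status, detail in audit_hinfo(SAMPLE_ZONE):
        print(f"{owner}: HINFO {status}: {detail}")
```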