On Tue, 2013-07-30 at 14:25 -0700, Russ Allbery wrote: > We (Stanford) strip them out in FAI. We can, of course, continue to do > that, but I thought I'd mention it as a data point. If you have stable > DNS, you really don't want to have another shadow source of IP to host > mapping on local disk; it's almost certain to cause you problems later. Well so long you have services, which depend on the host resolving to it's local address (whatever that is)... it think it can have security impacts if you leave that information up to some other server (e.g. your DHCP). Consider an application which only accept packets originating from <hostname> as a security measure.. if the DNS server goes evil... than that might be used by an attacker. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature