[Samba] Using a correctly delegated domain name

Billy Bob billysbobs at yahoo.com
Sun May 2 18:51:53 UTC 2021


If your "server didn't have any internet connection" and you are wondering about whether that would allow you to use a spoofed domain name, I might suggest that the almost negligible cost of getting your own domain name and the effort it takes to learn a little more about the proper way to do things -- as opposed to trying to creatively avoid that -- will absolutely pale in comparison to the effort you will have to expend when eventually you start having problems with installed software, as well as the operating system, and you have no easy way to keep your system updated. And before you think that you will "never" have to deal with an update if you don't change the software, I might add that you will be giving up reliable access to new features as well as solutions to problems that existed but weren't yet known in your base install. To be sure, on a new Linux install about the first thing that happens is a big update. One of the great things about open source Linux is that the community very actively provides solutions to these issues. Another great thing, however, is that the Linux operating system handles your hardware driver problems that others (think Microsoft) fob off on users. On the other hand, no updates equals forget about that latest piece of hardware (new printer, sound card, ...) you want to use. Not to be too preachy about it, take advantage of this group's willingness to help you learn!

 
 
On Sun, May 2, 2021 at 12:22 PM, Andrew Bartlett via samba <samba at lists.samba.org> wrote:
On Sun, 2021-05-02 at 12:34 +0000, Jason Long via samba wrote:
> Hello,
> Excuse me, can you explain it more?
> If my server didn't have any internet connection, then a domain like
> "microsoft.com" is acceptable?

Aside from just being 'rude' to use (squat) on a domain you don't own,
there are a number of serious matters that come about from choosing a
domain not correctly delegated.

Yes, on a totally isolated network (air gap) then there is no internet,
no domain name system nor domain registry, but on the more common
situation of 'behind a firewall', registered internet domains matter.

For example, if your clients will reach out up the DNS tree looking for
servers which support DNS updates, trying to register their names.  The
ever-observant administrators at ozlabs.org, who host my domain
abartlet.net very often noticed when I was at a conference, because my
test domains on my laptop would start trying to update names under
abartlet.net from (eg) Microsoft plugfest lab IPs!

The other issue is that in terms of DNSSec etc, your domain will always
be an imposter.  As clients increasingly check signatures, yours will
not appear in the parent zone as a valid child.

And finally, of course if you squat over a domain, you prevent your own
clients accessing that domain, and in inverse, if they do access the
real 'microsoft.com' they can be directed elsewhere, not always to
where you want.

Some of the common 'lab' domain names are, I'm told by my security
team at work, actually held by malicious entities, and could return
harmful results, designed to attract traffic!

So just don't.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)      https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT  https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
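
An added example, not part of the thread or of Samba's code: a small Python check for the leak described in the quoted reply, where clients walk up the DNS tree and send dynamic updates to whoever really hosts the name. It parses raw DNS messages captured at the network edge and flags RFC 2136 UPDATEs and SOA probes for internal zones. The zone ad.example.com, the function names and the sample packets are constructed for illustration.

```python
import struct

OPCODE_QUERY, OPCODE_UPDATE = 0, 5  # RFC 1035 query, RFC 2136 dynamic update
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(opcode, name, msg_id=0x1234):
    """Constructed sample: 12-byte header plus one SOA question/zone entry."""
    header = struct.pack("!HHHHHH", msg_id, opcode << 11, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def parse_first_entry(msg):
    """Return (opcode, name, rrtype) for the first question/zone entry."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _msg_id, flags, count = struct.unpack("!HHH", msg[:6])
    if count < 1:
        raise ValueError("no question/zone entry")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated entry")
    rrtype, _rrclass = struct.unpack("!HH", msg[pos:pos + 4])
    return (flags >> 11) & 0xF, ".".join(labels), rrtype

def classify_egress(msg, internal_zones):
    """Label one DNS message captured leaving the network."""
    opcode, name, rrtype = parse_first_entry(msg)
    inside = any(name == z or name.endswith("." + z) for z in internal_zones)
    if opcode == OPCODE_UPDATE:
        return ("update-leak", name)  # a client is registering names outside
    if opcode == OPCODE_QUERY and rrtype == TYPE_SOA and inside:
        return ("soa-probe", name)    # client hunting for the update target
    return ("ok", name)
```

Feed it the UDP payloads of port 53 traffic seen at the firewall; any "update-leak" result means internal host names are being offered to servers outside your control.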

