Bryan J. Smith <b.j.smith@ieee.org>
2005-Jun-13 19:10 UTC
[CentOS] Php package for Microsoft-SQL -- integrated layer 2 + layer 3 name services
From: Les Mikesell <lesmikesell at gmail.com>
> Does anything exist that has that 'basic logic'? The legacy forms
> work and scale worldwide because the authority to use names is
> carefully delegated. If two self-issued names are broadcast on
> the same network, who wins? What if they are on different subnets
> and can't see each other but you try to integrate them with such
> a tool? What if they normally live on different networks but are
> mobile and eventually collide? I'd really prefer not to let anyone's
> laptop claim to be the company email server and get away with it.

Which is why you need a _centralized_ layer 2 + layer 3 server to
prevent this. If it is the centralized DNS and WINS, then all Windows
and UNIX nodes trust it first and foremost, even if a rogue NetBIOS
node is broadcasting.

The logic of the server would not only not proxy such a node, but it
would quickly report its MAC address as a "problem."

--
Bryan J. Smith mailto:b.j.smith at ieee.org
Les Mikesell
2005-Jun-13 19:35 UTC
[CentOS] Php package for Microsoft-SQL -- integrated layer 2 + layer 3 name services
On Mon, 2005-06-13 at 14:10, Bryan J. Smith wrote:
> > Does anything exist that has that 'basic logic'? The legacy forms
> > work and scale worldwide because the authority to use names is
> > carefully delegated. If two self-issued names are broadcast on
> > the same network, who wins? What if they are on different subnets
> > and can't see each other but you try to integrate them with such
> > a tool? What if they normally live on different networks but are
> > mobile and eventually collide? I'd really prefer not to let anyone's
> > laptop claim to be the company email server and get away with it.
>
> Which is why you need a _centralized_ layer 2 + layer 3 server to
> prevent this. If it is the centralized DNS and WINS, then all Windows
> and UNIX nodes trust it first and foremost, even if a rogue NetBIOS
> node is broadcasting.
>
> The logic of the server would not only not proxy such a node, but it
> would quickly report its MAC address as a "problem."

But if it 'knows' which of two nodes claiming a name is the correct
one, then it must have been preconfigured in a way that wouldn't
have required listening to the broadcast in the first place. How
does centralizing the service help resolve a conflict correctly?

--
Les Mikesell lesmikesell at futuresource.com
Bryan J. Smith <b.j.smith@ieee.org>
2005-Jun-13 19:50 UTC
[CentOS] Php package for Microsoft-SQL -- integrated layer 2 + layer 3 name services
From: Les Mikesell <lesmikesell at gmail.com>
> But if it 'knows' which of two nodes claiming a name is the correct
> one, then it must have been preconfigured in a way that wouldn't
> have required listening to the broadcast in the first place. How
> does centralizing the service help resolve a conflict correctly?

Via several options:

1. First and foremost, those naming conventions
2. Reserved MAC address for blocks of the IP subnet
3. Historical MAC address assignment of the name/IP
4. Digital signatures of the client (both BIND 9 and reverse-engineered ADS-DNS)

These are just some of many approaches that can _only_ be accomplished
in a unified layer 2 + layer 3 server.

--
Bryan J. Smith mailto:b.j.smith at ieee.org
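
An added sketch, not written by any poster in this thread and not taken from an existing server, of how options 2 and 3 in the list above could be checked against observed name claims. The subnet policy, host names, addresses and the `arbitrate` function are constructed for illustration.

```python
import ipaddress

# Option 2 (constructed policy): MAC prefixes reserved for each IP subnet.
RESERVED = {
    ipaddress.ip_network("10.0.1.0/24"): {"00:16:3e"},
    ipaddress.ip_network("10.0.2.0/24"): {"00:50:56", "00:16:3e"},
}

def arbitrate(claims, history):
    """Decide which observed name claims to serve.

    claims  -- iterable of (name, ip, mac) as seen on the wire
    history -- dict name -> mac from earlier accepted registrations (option 3)
    Returns (accepted, problems): accepted maps name -> (ip, mac);
    problems lists (mac, reason) for every claim that was refused.
    """
    history = dict(history)          # do not mutate the caller's record
    accepted, problems = {}, []
    for name, ip, mac in claims:
        name, mac = name.lower(), mac.lower()
        addr = ipaddress.ip_address(ip)
        net = next((n for n in RESERVED if addr in n), None)
        # Option 2: the MAC prefix must be reserved for the claimed subnet.
        if net is None or mac[:8] not in RESERVED[net]:
            problems.append((mac, f"{name}: MAC not reserved for subnet of {ip}"))
            continue
        # Option 3: a name already bound to another MAC is not handed over.
        known = history.get(name)
        if known is not None and known != mac:
            problems.append((mac, f"{name}: historically bound to {known}"))
            continue
        # A name with no history is accepted first-come; history alone
        # cannot say which of two brand-new claimants is legitimate.
        accepted[name] = (ip, mac)
        history[name] = mac
    return accepted, problems

# Constructed sample traffic and prior state.
HISTORY = {"mail": "00:16:3e:aa:bb:01"}
CLAIMS = [
    ("mail",  "10.0.1.10", "00:16:3e:aa:bb:01"),  # matches history
    ("mail",  "10.0.1.77", "00:16:3e:de:ad:02"),  # reserved prefix, wrong history
    ("wiki",  "10.0.2.5",  "00:50:56:00:00:09"),  # new name
    ("files", "10.0.1.20", "3c:22:fb:12:34:56"),  # prefix not reserved
]

if __name__ == "__main__":
    ok, bad = arbitrate(CLAIMS, HISTORY)
    for mac, reason in bad:
        print("problem MAC", mac, "-", reason)
```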