Don't obscure your DNS data

You've come to this page because you've obscured information about your domains and IP addresses when asking for help on how to administer your DNS servers.

This is the Frequently Given Answer to such obfuscation.

Don't obscure your domain names and IP addresses when posting messages to newsgroups and mailing lists asking for help. It makes diagnosis difficult for everyone, and introduces the possibility of significant discrepancies between what is discussed and what is really the case, without providing any actual benefit at all.

You may be obscuring your domain names and IP addresses because you believe that you are in some way protecting yourself from attackers who would otherwise find out about your domains and IP addresses. You are not. Bear in mind what it is that you are actually doing.

Running a DNS content server is a form of Internet publication, equally as much as running an HTTP content server is. If you intend to publish the names and addresses of your servers in the public DNS for all of the world to see, it's simply foolishness to obscure them when posting to mailing lists and newsgroups. You are trying to keep from public knowledge something that you are in fact telling the public anyway. Your DNS content server will freely publish all of your names and IP addresses to the entire world. That is the nature of DNS. Indeed, that is (partly) its whole purpose.

Even if you do not intend to publish the names and addresses of your servers in the public DNS, and are instead operating a private network, it is still foolish to conceal the names and addresses that you are putting into your DNS database. The security of your network lies in the segregation between it and Internet. Obscuring your domain names and IP addresses provides no additional security beyond what you already have.

Obscuring domain names and IP addresses in your posts serves no useful purpose. It is a waste of the effort involved; and, indeed, can often result in the introduction of new errors that only confuse matters further. It also prevents us from obtaining further information and from performing tests, which will help us to aid you, on our own.


© Copyright 2001-2002 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.