[Outages-discussion] DHCP being dropped by Lumen?
Chuck Anderson
cra at fea.st
Thu Jun 9 12:41:35 EDT 2022
On Thu, Jun 09, 2022 at 10:19:04AM -0600, Grant Taylor wrote:
> > As others have stated, unicast DHCP is no different than any other
> > unicast packet.
>
> I understand all the above.
>
> What I'm not yet sure of is why you would not run such site-to-site
> traffic through a VPN.
>
> It seems to me like DHCP, DNS, RADIUS, etc. would benefit from staying
> within the control of a common administrative entity. As such, it seems
> logical to use a VPN between two distant pockets of said administrative
> entity.
You probably didn't mean to imply that using DNS over the Internet
without a VPN is not beneficial or appropriate. Even RADIUS makes
sense when you start talking about federation ala eduroam/anyroam.
DHCP does present some interesting security issues if relaying it
unencrypted over the Internet. Imagine someone intercepting that
traffic and telling your clients to boot off a remote server.
More information about the Outages-discussion
mailing list