I broke DNS plenty of times in my homelab independent from NAT. In the last few months:
didn’t turn off DNS server in a wifi router set up as bridged access point
dnsmasq failing to start because I removed an interface
dnsmasq failing to start because the kernel/udev didn’t rename an interface on time
dnsmasq failing to start because hostapd error didn’t set proper interface settings
forgot to remove static DNS entries in /etc/hosts used for testing
forgot to remove DNS entries from /etc/resolve.conf after visiting a friend and working on his setup
Yes, most of them is my dumb ass making mistakes, but in the end it’s something that constantly breaks and it helps knowing the IP addresses of my servers and routers.
Aditionally, obscurity is a security helper. The problem is relying only on obscurity. But if I have proper firewall rules in place and strong usernames and passwords I still prefer if you don’t even know the IP addresses of my servers on top of that (in case I break some of the other security layers).
I broke DNS plenty of times in my homelab independent from NAT. In the last few months:
Yes, most of them is my dumb ass making mistakes, but in the end it’s something that constantly breaks and it helps knowing the IP addresses of my servers and routers.
Aditionally, obscurity is a security helper. The problem is relying only on obscurity. But if I have proper firewall rules in place and strong usernames and passwords I still prefer if you don’t even know the IP addresses of my servers on top of that (in case I break some of the other security layers).