DNS Security (was: RE: [SunRescue] hosts file And DNS files??)
Greg A. Woods
rescue at sunhelp.org
Sat May 26 12:24:20 CDT 2001
[ On Saturday, May 26, 2001 at 11:42:13 (+0100), David Cantrell wrote: ]
> Subject: DNS Security (was: RE: [SunRescue] hosts file And DNS files??)
>
> Bad points - it's tricky to run both a DNS server and a caching server
> on the same box. Especially if you only have one ethernet interface.

That's actually a "good point". You should never serve authoritative
zones from a caching nameserver (i.e. never point public NS records at
a nameserver that's also a caching nameserver).

This is less of a problem in BIND-9, but still not something I'd advise.

> As the zone files are very different from bind's, then you can't just
> copy them back and forth.

That's a very very very bad point. The master-file format is defined by
the RFCs.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods at acm.org> <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
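
Added example, not part of the original message: one way to audit the advice above is to send each server named in a zone's NS records an SOA query with RD set and read the AA and RA bits (RFC 1035, section 4.1.1) from the reply header. The server names and reply headers below are constructed samples, and the function names are hypothetical.

```python
import struct

# DNS header flag bits, RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def classify(response: bytes) -> str:
    """Classify a server from the header of its reply to an RD=1 SOA
    query for a zone whose NS records name that server."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", response[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    aa, ra = bool(flags & AA), bool(flags & RA)
    if aa and ra:
        return "mixed"               # authoritative and offering recursion
    if aa:
        return "authoritative-only"  # the separation the message recommends
    if ra:
        return "cache-only"          # named in NS but not authoritative
    return "neither"                 # no authority, no recursion offered

def mixed_servers(replies: dict) -> list:
    """Names of servers that answer authoritatively and advertise recursion."""
    return sorted(n for n, pkt in replies.items() if classify(pkt) == "mixed")

def _header(flags: int, answers: int = 1) -> bytes:
    # Constructed sample: the 12-byte header only, which is all classify() reads.
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)

# Constructed replies keyed by hypothetical NS names (example.net is reserved).
SAMPLE_REPLIES = {
    "ns1.example.net": _header(QR | AA | RD),
    "ns2.example.net": _header(QR | AA | RD | RA),
    "ns3.example.net": _header(QR | RD | RA),
    "ns4.example.net": _header(QR | RD, answers=0),
}

if __name__ == "__main__":
    for name, pkt in sorted(SAMPLE_REPLIES.items()):
        print(f"{name:18} {classify(pkt)}")
    print("fix these:", mixed_servers(SAMPLE_REPLIES))
```
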