DNS Security (was: RE: [SunRescue] hosts file And DNS files??)

Greg A. Woods rescue at sunhelp.org
Tue May 29 01:05:12 CDT 2001


[ On Tuesday, May 29, 2001 at 01:14:48 (+0200), Sebastian Marius Kirsch wrote: ]
> Subject: Re: DNS Security (was: RE: [SunRescue] hosts file And DNS files??)
>
> On Mon, May 28, 2001 at 05:21:42PM -0400, Greg A. Woods wrote:
> > I think you're fudging things a lot there.  Can axfr-get get a zone from
> > a text file?  I've never heard that it can.....
> 
> No. Why would you want to? axfr-get can get you the zone data in the
> required format. What else do you want?

You were supposing that it was easy to transfer to and from djb's zone
file format.  It seems that's simply not true.  Everyone should learn
from djb's mistake -- you can't convince the majority of people to
switch to your definition of the world if you only provide a one-way
transfer to get there; you have to provide the inverse as well even if
nobody ever uses it (nobody wants to check into a hotel they can never
check out of! ;-).

Of course the major problem with any conversion scheme that involves
going through the wire-format zone transfer is that it loses all the
extraneous information that usually makes an original zone file
valuable, i.e. the comments (and implicitly the history too if you've
used some version control tool to manage that original file).

> Again, why would you want to, when you can use a much simpler solution?

Standards are such wonderful things -- there are so many to choose from!

Meanwhile I'll stick to what most of the world uses simply because
that's in fact the "much simpler solution" in the end!  ;-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>


