DNS Security (was: RE: [SunRescue] hosts file And DNS files??)
Sebastian Marius Kirsch
rescue at sunhelp.org
Tue May 29 13:56:56 CDT 2001
On Tue, May 29, 2001 at 02:05:12AM -0400, Greg A. Woods wrote:
> You were supposing that it was easy to transfer to and from djb's zone
> file format.
It is, if you are willing to go via the standard way to exchange DNS
zone data -- ie. via zone transfers. I think it's preposterous to make
any assumptions about the internal configuration file formats for any
server.
> you can't convince the majority of people to switch to your definition
> of the world if you only provide a one-way transfer to get there; you
> have to provide the inverse as well even if nobody ever uses it
There is a reverse way -- axfr-get for converting from BIND to djbdns,
djbdns to BIND via axfrdns.
> Of course the major problem with any conversion scheme that involves
> going through the wire-format zone transfer is that it loses all the
> extraneous information that usually makes an original zone file
> valuable, i.e. the comments
Sorry, but in my opinion, compatibility can only go so far, and in this
case, the loss when converting to djbdns is negligible.
--
Yours, Sebastian Kirsch <skirsch at moebius.inka.de>
PEBKAC: Problem Exists Between Keyboard And Chair
More information about the rescue
mailing list