LinuxSA Mailing list archives
From: Daryl Tester <Daryl.Tester@iocane.com.au>
To: Alan Kennington <akenning@topology.org>, LinuxSA <linuxsa@linuxsa.org.au>
Date: Tue, 29 May 2001 16:48:23 +0930
Re: Bind dilemmas.
"Alan Kennington" <akenning@topology.org> wrote:
>> I shouldn't be able to punch non-authoritative requests through
>> your name server ...
> I'm afraid I don't have any idea whether that should or should
> not be possible.
"Should not" - this is exactly what Telstra did to their "name
servers" recently, as you should recall, to reduce the load on
their servers.
I think it was Glen who stated it last time; name serving and
name resolving are two separate functions, that BIND combines
into the same package.
> Where would I read up on what my "named" _should_ do?
Your name resolving should be limited to those people whom
you want to use it, namely your internal LAN.
> I have the O'Reilly BIND book, and have read lots of
> docs and manuals on BIND.
I don't have BIND installed any conveniently, but it can
have an ACL applied somewhere to limit this.
> That looks like what all DNS servers do.
No - again[1], resolving and serving are two different things.
Name serving is mapping names to values for which you are
authoritative - topology.org and all those other myriad domains
you're probably hosting.
Name _resolving_ involves looking up other name servers
for those mappings - preferably the correct ones.
> Or do I have to lock down DNS against hackers too?
With BIND, that seems to be a given.
> It's quite annoying that any
> machine connected permanently to the net needs so much nursing.
Mine's fine, but I don't use BIND, and it's much less of a
pig on resources for a "firewall class box".
Regards,
Daryl Tester
IOCANE Pty. Ltd.
[1] Repeat after me ... "name serving and name resolving are two
separate functions".
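
Added example, not part of the original message: a small Python check of whether a name server resolves for a given client, by sending a query with the recursion-desired bit set and reading the recursion-available bit and response code from the reply header. The function names and the sample reply headers are constructed for illustration; point probe() at a server you administer and use a name it is not authoritative for.

```python
import socket
import struct

RD, RA = 0x0100, 0x0080   # recursion desired / recursion available flag bits
REFUSED = 5               # RCODE returned when policy denies the query

def build_query(name, qid=0x1234, qtype=1):
    """Encode a standard query (RD set) for `name`, type A, class IN."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response):
    """Decide from the 12-byte DNS header how the server treated the query."""
    if len(response) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0:
        return "recursion-served"      # resolved a name on the client's behalf
    if flags & RA:
        return "recursion-offered"     # RA set, but no answer in this reply
    return "no-recursion"              # serving only (e.g. a referral)

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
    return classify(data)

# Constructed sample reply headers (not captured traffic); QR is set in each.
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # RD+RA, NOERROR, 1 answer
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # RD, REFUSED
REFERRAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 2)  # RD, no RA, referral

if __name__ == "__main__":
    for label, pkt in [("open", OPEN_REPLY), ("refused", REFUSED_REPLY),
                       ("referral", REFERRAL_REPLY)]:
        print(label, "->", classify(pkt))
```

Run from outside the internal LAN, "refused" or "no-recursion" is the result the message says an outsider should get; "recursion-served" means the server is resolving for anyone who asks.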