
BLU Discuss list archive



MediaOne/RR/AT&T cablemodemers alert



On Tue, Oct 02, 2001 at 05:28:07PM -0400, David Kramer wrote:
> On 2 Oct 2001, Derek Atkins wrote:
> 
> > Setting up a caching-only nameserver requires you to:
> > 	1) install the nameserver binary (this is easy under RedHat and Debian)
> 
> You mean bind?

I took bind off my basement server after I noticed that it (along with
sendmail) is always supplying yet another security hole or bug.
Instead I use tinydns and dnscache.  They are not part of the
distributions because their author is cranky and ornery and has his
own custom licensing terms that apparently make it hard for the likes
of Red Hat to config it for you.  But he also has outstanding a small
cash bounty for anyone who can find a security hole and no one seems
to be jumping up and down saying he owes him/er money.  The folks who do
bind and sendmail wouldn't dare match that.

tinydns and dnscache are free, come as source, and they work.  The
function of providing authoritative DNS info about your machines is
separated from looking up DNS info.  In this case tinydns provides DNS
info (it tells my NATed network what machine is which on my side of
the router).  The other, dnscache, does lookups for me about machines
in the outside world, and it will ask my own tinydns daemon about
machines in my own world.  I have DHCP telling my local machines to
use my dnscache daemon.

By doing my own DNS there is one less way my DSL provider can break
me.  Because I have more faith in the reliability of my own server
than of my ISP, I like that.

The configuration is very different from that of bind in style, but it
makes sense once you get the hang of it.  There is a useful mailing
list for help in configuring--but it is a little cranky too.  (Being
in the shadow of bind makes them defensive.  Having a cranky leader
also sets a bad example for them.)  There are also some useful and
friendly third-party resources (that is, sites not referenced from the
Official site).

Speaking of sendmail: I use qmail in its stead.  Same cranky author.
Same strange licensing restrictions keeping it off the distributions.
Easier to set up than the DNS stuff, and again, significantly
different from sendmail's configuration.  It works.  Is fast.  Secure
even.  The Hotmail folks used it very successfully for a zillion
accounts, at least they did before Micro$oft bought them.


-kb, the Kent who would be happy to try to answer any questions if any
of you want to try out these packages.