On 9/4/15, 9:29 PM, "bind-users-boun...@lists.isc.org on behalf of Noel Butler" <bind-users-boun...@lists.isc.org on behalf of noel.but...@ausics.net> wrote:
>On 05/09/2015 04:49, Reindl Harald wrote: > >> mostly people who are throwing as much as possible appliances and >> firewalls in front of their machines doing that because missing >> knowledge > >and falling for some salesman's BS, the moment they sniff you have no >idea, they rub their hands together thinking how big their Christmas >bonus will be, many moons ago an apprentice nearly fell for cisco's hype >of their pix junk, I showed him how to use , hrmm ipchains I think was >back then, did just as good job as any multi thousands dollars box of >vendor crap would. Actually, PIX had issues... I can attest to that, having administered several Cisco-based networks including PIX years before I was "a Cisco person". Having worked at some large NSPs I can also attest to similar issues with just about every vendor who does or has existed over the past couple decades. That said, PIX was at least stateful (unlike ipchains, as you know that was the big selling point of iptables), had HA before heartbeat was popular (I was using clustered PIX at scale in late 90's, didn't really trust heartbeat in production until 2006/7), was easy to tie into existing AAA infra (also didn't really like the state of PAM back then)... as it is now, the best approach really decided on your use cases. Your call out that you should really know what you're doing before buying anything or even getting paid to administer networks is spot on regardless of what vendors are involved. :-) _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users