On Fri, Feb 23, 2001 at 02:30:53AM -0500, Peter Cavender <[EMAIL PROTECTED]> wrote:
> > I am not a fan of BIND, and we intend to move to djbdns in the future.
> > This will add security and robustness, but will not fix broken remote
> > sites.
>
> I am interested in your plans to move to djbdns. Since you have run qmail
> since day zero, I am puzzled why you have delayed deploying dnscache and
> tinydns in e-smith.
Time, effort and priorities. DJBDNS also did not work properly behind
a firewall until recently, which was a bit of a showstopper.
> In light of the recent DNS exploits in BIND and cache
> poisoning across the 'net, I would expect that you would be moving rapidly
> in that direction.
Yep - preaching to the converted :-)
> I inquired long ago to JM about djbdns; now it seems that there ARE now
> widely available and acceptable RPMs...that should help ease the
> integration process.
Yes - we know about these RPMs and are looking at how/when to incorporate
djbdns.
> Being that Vixie cron is also suspect for various exploits, I and several
> colleagues have recently ventured into porting the cron from OpenBSD to
> Linux...I will keep you posted, if you are interested...
Sure - sounds interesting. Although the exploits for cron require local
shell access, so are thankfully not a problem for a standard e-smith server.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +61 (0418) 467 366 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
