On Fri, Feb 23, 2001 at 09:35:55AM +0100, Stanislaw Winiecki
<[EMAIL PROTECTED]> wrote:
> [...]
> I am not a fan of BIND either, my e-smith 4.0 box, where I had to set up a
> public DNS server experienced a break-in two days ago :-(. All the tracks
> lead to BIND having been exploited... I'm still a Linux novice, but I'm
> pretty certain of that one...
That doesn't sound at all good. People keep asking why we don't ship with a
"full DNS server". Maybe you could tell them why... :-(
Just to make it clear for everyone on the list, e-smith's DNS server in
4.0 is configured to only cache DNS queries and respond to requests from
the _local_ network. This protects against this sort of break-in. 4.1
is even more heavily protected, guarding against attacks from the local
network.
> Now I was _forced_ to upgrade to 4.1.1, which I did yesterday (actually not
> an upgrade but a fresh install) and now I'm one happy admin :)
Great. 4.1 also runs BIND in a chroot() jail. If you are thinking about
running a "real" DNS server, I suggest you do the same. A fresh install is
definitely the thing to do in this case.
> [...]
> Now that I've observed the motivational value of a failure (motivational fot
> the management, that is) I'm starting to understand better the BOFH-type
> attitude... ;-))))
Yep. And why we have resisted various "features" in e-smith :-)
> While I'm at it - another GREAT JOB, guys! :)
Thank you.
> I love the webmail feature, my users won't complain of not having access to
> sending mail from home anymore :) And when I first started the webmail page,
> IMP appeared in Polish before my amazed eyes :)
That's what we like to hear.
> I hope to be more helpful to the developers in the future. For now I can
> basically offer a translation of the manual into Polish, for example.
> Charlie once told me to hold that because of plans to release 4.1. Now it's
> out, so maybe we can come back to the idea?
> Or should we wait for a more internationalized version of e-smith?...
Skud is driving I18N and L10N - I'm sure she'll respond on the best way to
proceed.
> All the best for everyone at e-smith inc. in the XXI century :)
Thanks,
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +61 (0418) 467 366 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
