Müzik ve aradýklarýnýz sgvj

2002-11-12 Thread Walter Cramm 
Mp3sa yine bir ilki gerçekleþtiriyor: Klip arþivi!
Full albüm ve single parçalar mp3 halinde!
Arayýpta bulamadýðýnýz bütün parçalar için birde sitemize bakýn: http://www.mp3sa.com

Full Turkçe Album 
Full Yabancý Album 
A-Z Yerli Mp3 
A-Z Yabancý Mp3 
En Iyý 20 
Yerli Výdeo Klýp 
Yabancý Výdeo Klýp 
Yerli ve Yab. Arsýv

Hepsine birden ulaþabileceðiz tek bir adres var
http://www.mp3sa.com



èPԔ ‘ ™¨¥¶‡^n§ŠÊkz«ž²Ùb²Ûy¸šžŠàÂ+aj˛ç-¡û§²æìr¸›y:è¹¹^
‰íiËeŠËfjË^®X¬¶Ç^n§¢¸

Re: incoming request proxying

2002-11-12 Thread Mark Janssen 
On Tue, 2002-11-12 at 12:09, Paul Johnson wrote:
 Is there a way to make either Apache or Squid (preferrably Squid, but
 I can go either way here) proxy requests from the outside world to
 machines that are inside a network inaccessable to the outside world?
 
 Like, say, requests to /whatever go to host/whatever, where host is
 unreachable outside.

This is called reverse-proxying, and is possible with the
apache-proxying module. You should be able to find all documentation on
the apache website (http://httpd.apache.org/docs)

I've had this working a long time ago on some company servers, but I
can't access those at the moment to copy/paste the correct rules to you.

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jeff S Wheeler 
See ISC.ORG for information on new BIND vulnerabilities.  Current bind
package in woody is 8.3.3, which is an affected version.  Patches are
not available yet, it seems.

http://www.isc.org/products/BIND/bind-security.html

-- 
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/



signature.asc
Description: This is a digitally signed message part

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Sonny Kupka 
Why not use Bind 9.2.1..

It's in woody.. When I came over from Slackware to Debian I installed it 
and haven't looked back..

The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything..

---
Sonny


At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
See ISC.ORG for information on new BIND vulnerabilities.  Current bind
package in woody is 8.3.3, which is an affected version.  Patches are
not available yet, it seems.

http://www.isc.org/products/BIND/bind-security.html

--
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Tobias Kuhrmann 

bind9 is also supporting ACL and other new features. so it is
a good idea to use bind9.x.x instead of bind8.x.x


// Tobias 'rippe' Kuhrmann

--
BITKRAFT, IT SOLUTIONS
Tobias Kuhrmann, Technical Director
Immanuel-Kant. Str. 15
51427 Bergisch Gladbach
http://www.bitkraft.de

-Ursprüngliche Nachricht-
Von: Sonny Kupka [mailto:sonny;nothnbut.net] 
Gesendet: Dienstag, 12. November 2002 19:54
An: Jeff S Wheeler; [EMAIL PROTECTED]
Betreff: Re: New BIND 4  8 Vulnerabilities


Why not use Bind 9.2.1..

It's in woody.. When I came over from Slackware to Debian I installed it

and haven't looked back..

The file format was the same from 8.3.* to 9.2.1 I didn't have to do
anything..

---
Sonny


At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
See ISC.ORG for information on new BIND vulnerabilities.  Current bind 
package in woody is 8.3.3, which is an affected version.  Patches are 
not available yet, it seems.

http://www.isc.org/products/BIND/bind-security.html

--
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jeff S Wheeler 
I've taken Sonny's suggestion and upgraded to the bind9 package. 
Initially I thought I had a serious problem, as named was not answering
any queries, however it seems to have fixed itself.  Ordinarily that
would spook me, but in this situation I think I'd rather have spooky
software than known-to-be-exploitable software :-)

Thanks for the suggestion, Sonny.

-- 
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/

On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote:
 Why not use Bind 9.2.1..
 
 It's in woody.. When I came over from Slackware to Debian I installed it 
 and haven't looked back..
 
 The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything..
 
 ---
 Sonny
 
 
 At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
 See ISC.ORG for information on new BIND vulnerabilities.  Current bind
 package in woody is 8.3.3, which is an affected version.  Patches are
 not available yet, it seems.
 
 http://www.isc.org/products/BIND/bind-security.html
 
 --
 Jeff S Wheeler   [EMAIL PROTECTED]
 Software DevelopmentFive Elements, Inc
 http://www.five-elements.com/~jsw/
 
 




signature.asc
Description: This is a digitally signed message part

RE: incoming request proxying

2002-11-12 Thread Daniel Hooper 
There's also another package called squidGuard which does it well. The
only issue with it is that it doesn't support webdav very well, (ie,
Outlook Web Access 2000) I do have a perl script for doing reverse
proxying with support for webdav, message me off list if you would like
a copy of it.

Daniel Hooper
Systems Administrator
Emerge Technologies Pty Ltd

-Original Message-
From: Mark Janssen [mailto:maniac;maniac.nl] 
Sent: Tuesday, 12 November 2002 8:24 PM
To: Paul Johnson
Cc: debian-isp List
Subject: Re: incoming request proxying

On Tue, 2002-11-12 at 12:09, Paul Johnson wrote:
 Is there a way to make either Apache or Squid (preferrably Squid, but
 I can go either way here) proxy requests from the outside world to
 machines that are inside a network inaccessable to the outside world?
 
 Like, say, requests to /whatever go to host/whatever, where host is
 unreachable outside.

This is called reverse-proxying, and is possible with the
apache-proxying module. You should be able to find all documentation on
the apache website (http://httpd.apache.org/docs)

I've had this working a long time ago on some company servers, but I
can't access those at the moment to copy/paste the correct rules to you.

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote:
 Why not use Bind 9.2.1..
 
 It's in woody.. When I came over from Slackware to Debian I installed
 it and haven't looked back..
 
 The file format was the same from 8.3.* to 9.2.1 I didn't have to do
 anything..

is this fully backwards-compatible?

last time i looked at bind9, the zonefile format had some slight
incompatibilities - no problem if you only have a few zonefiles that
need editing, but a major PITA if you have hundreds.

if there are zonefile incompatibilities, is there a script
to assist in converting zonefiles?

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread gravity 
On Wed, Nov 13, 2002 at 11:04:01AM +1100, Craig Sanders wrote:
 On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote:
  Why not use Bind 9.2.1..
  
  It's in woody.. When I came over from Slackware to Debian I installed
  it and haven't looked back..
  
  The file format was the same from 8.3.* to 9.2.1 I didn't have to do
  anything..
 
 is this fully backwards-compatible?
 
 last time i looked at bind9, the zonefile format had some slight
 incompatibilities - no problem if you only have a few zonefiles that
 need editing, but a major PITA if you have hundreds.
 
 if there are zonefile incompatibilities, is there a script
 to assist in converting zonefiles?
 
 craig sanders [EMAIL PROTECTED]

I have a very straight setup but upgrading to bind 9 was done in under 4 seconds.
(approx 50 domains). no troubles so far.

-- 

tinus


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Wed, Nov 13, 2002 at 02:35:44AM +0100, gravity wrote:
 I have a very straight setup but upgrading to bind 9 was done in under
 4 seconds.  (approx 50 domains). no troubles so far.

yep, bind 9.2.x seems a lot better than 9.0 or 9.1.  

it seems to use more memory than bind8.



i'm doing a trial upgrade (on another server by copying over zone files)
right now.

a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
fixed.

i'll probably be ready to upgrade my main dns server in an hour or so.

the main thing i'm worried about is that bind9 had enormous memory leaks
when i tried 9.0 several months ago.  i hope they're fixed now.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jason Lim 
  I have a very straight setup but upgrading to bind 9 was done in under
  4 seconds.  (approx 50 domains). no troubles so far.

 yep, bind 9.2.x seems a lot better than 9.0 or 9.1.

 it seems to use more memory than bind8.



 i'm doing a trial upgrade (on another server by copying over zone files)
 right now.

 a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
 fixed.

 i'll probably be ready to upgrade my main dns server in an hour or so.

 the main thing i'm worried about is that bind9 had enormous memory leaks
 when i tried 9.0 several months ago.  i hope they're fixed now.


We're still on named 8.3.3-REL-NOESW (currently in stable).

Is it much of a headache to upgrade to 9.2.x? Any particular procedure or
guide you followed that could be read somewhere?

TIA.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

RE: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Thiago Lucas 
If you already have the bind-9.2.x source, read the file
doc/misc/migration.

Regards,
--
Thiago Lucas
NOC - Matrix Internet S/A
 


 -Original Message-
 From: Jason Lim [mailto:maillist;jasonlim.com] 
 Sent: Wednesday, November 13, 2002 1:26 AM
 To: Craig Sanders; gravity
 Cc: [EMAIL PROTECTED]
 Subject: Re: New BIND 4  8 Vulnerabilities
 
 
   I have a very straight setup but upgrading to bind 9 was done in 
   under 4 seconds.  (approx 50 domains). no troubles so far.
 
  yep, bind 9.2.x seems a lot better than 9.0 or 9.1.
 
  it seems to use more memory than bind8.
 
 
 
  i'm doing a trial upgrade (on another server by copying over zone 
  files) right now.
 
  a few little gotchas (e.g. ownership/perms of zonefiles) , 
 but easily 
  fixed.
 
  i'll probably be ready to upgrade my main dns server in an 
 hour or so.
 
  the main thing i'm worried about is that bind9 had enormous memory 
  leaks when i tried 9.0 several months ago.  i hope they're 
 fixed now.
 
 
 We're still on named 8.3.3-REL-NOESW (currently in stable).
 
 Is it much of a headache to upgrade to 9.2.x? Any particular 
 procedure or guide you followed that could be read somewhere?
 
 TIA.
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact 
 [EMAIL PROTECTED]
 
 
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Sonny Kupka 
Only gotcha I remember running into is for some reason when I did an 
uninstall bind 8.* / install bind 9.2.1

For some reason there where 2 bind scripts in /etc/init.d/ one named bind 
and one bind9 it messed with named running right so I killed bind script 
and left the /etc/init.d/bind9

As always.. make a back up of your Master Zone Files and if you run into 
any major problems you have your MZF files to rely on :)

---
Sonny


At 02:26 PM 11/13/2002 +1100, you wrote:
  I have a very straight setup but upgrading to bind 9 was done in under
  4 seconds.  (approx 50 domains). no troubles so far.

 yep, bind 9.2.x seems a lot better than 9.0 or 9.1.

 it seems to use more memory than bind8.



 i'm doing a trial upgrade (on another server by copying over zone files)
 right now.

 a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
 fixed.

 i'll probably be ready to upgrade my main dns server in an hour or so.

 the main thing i'm worried about is that bind9 had enormous memory leaks
 when i tried 9.0 several months ago.  i hope they're fixed now.


We're still on named 8.3.3-REL-NOESW (currently in stable).

Is it much of a headache to upgrade to 9.2.x? Any particular procedure or
guide you followed that could be read somewhere?

TIA.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote:
 We're still on named 8.3.3-REL-NOESW (currently in stable).
 
 Is it much of a headache to upgrade to 9.2.x? Any particular procedure
 or guide you followed that could be read somewhere?

it's pretty straight-forward.  nowhere near the problem it was in
earlier releases of bind 9.0 and 9.1

you have to do something like chmod -R a+rX /var/cache/bind so that
user 'bind' can read the zonefiles.  you also have to enable write
access in the case of secondary zonefiles and named dump files (e.g. put
secondaries in a subdirectory and make only that subdir writable by user
bind).  dynamic updated zonefiles also have to be writable by bind.

(actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind',
it still runs as root.  only bind 9.2.x in unstable runs as bind.  i
discovered that when i upgraded a woody server today to woody's bind9)


bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which
explains the differences.  it's stricter in enforcing RFC compliance.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

incoming request proxying

2002-11-12 Thread Paul Johnson 
Is there a way to make either Apache or Squid (preferrably Squid, but
I can go either way here) proxy requests from the outside world to
machines that are inside a network inaccessable to the outside world?

Like, say, requests to /whatever go to host/whatever, where host is
unreachable outside.

-- 
 .''`. Baloo Ursidae [EMAIL PROTECTED]
: :'  :proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than to fix a system


pgpOlQwotwYgL.pgp
Description: PGP signature

Müzik ve aradýklarýnýz sgvj

2002-11-12 Thread Walter Cramm 
Mp3sa yine bir ilki gerçekleþtiriyor: Klip arþivi!
Full albüm ve single parçalar mp3 halinde!
Arayýpta bulamadýðýnýz bütün parçalar için birde sitemize bakýn: 
http://www.mp3sa.com

Full Turkçe Album 
Full Yabancý Album 
A-Z Yerli Mp3 
A-Z Yabancý Mp3 
En Iyý 20 
Yerli Výdeo Klýp 
Yabancý Výdeo Klýp 
Yerli ve Yab. Arsýv

Hepsine birden ulaþabileceðiz tek bir adres var
http://www.mp3sa.com

Re: incoming request proxying

2002-11-12 Thread Mark Janssen 
On Tue, 2002-11-12 at 12:09, Paul Johnson wrote:
 Is there a way to make either Apache or Squid (preferrably Squid, but
 I can go either way here) proxy requests from the outside world to
 machines that are inside a network inaccessable to the outside world?
 
 Like, say, requests to /whatever go to host/whatever, where host is
 unreachable outside.

This is called reverse-proxying, and is possible with the
apache-proxying module. You should be able to find all documentation on
the apache website (http://httpd.apache.org/docs)

I've had this working a long time ago on some company servers, but I
can't access those at the moment to copy/paste the correct rules to you.

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl

New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jeff S Wheeler 
See ISC.ORG for information on new BIND vulnerabilities.  Current bind
package in woody is 8.3.3, which is an affected version.  Patches are
not available yet, it seems.

http://www.isc.org/products/BIND/bind-security.html

-- 
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/


signature.asc
Description: This is a digitally signed message part

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Sonny Kupka 
Why not use Bind 9.2.1..
It's in woody.. When I came over from Slackware to Debian I installed it 
and haven't looked back..

The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything..
---
Sonny
At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
See ISC.ORG for information on new BIND vulnerabilities.  Current bind
package in woody is 8.3.3, which is an affected version.  Patches are
not available yet, it seems.
http://www.isc.org/products/BIND/bind-security.html
--
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Tobias Kuhrmann 

bind9 is also supporting ACL and other new features. so it is
a good idea to use bind9.x.x instead of bind8.x.x


// Tobias 'rippe' Kuhrmann

--
BITKRAFT, IT SOLUTIONS
Tobias Kuhrmann, Technical Director
Immanuel-Kant. Str. 15
51427 Bergisch Gladbach
http://www.bitkraft.de

-Ursprüngliche Nachricht-
Von: Sonny Kupka [mailto:[EMAIL PROTECTED] 
Gesendet: Dienstag, 12. November 2002 19:54
An: Jeff S Wheeler; debian-isp@lists.debian.org
Betreff: Re: New BIND 4  8 Vulnerabilities


Why not use Bind 9.2.1..

It's in woody.. When I came over from Slackware to Debian I installed it

and haven't looked back..

The file format was the same from 8.3.* to 9.2.1 I didn't have to do
anything..

---
Sonny


At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
See ISC.ORG for information on new BIND vulnerabilities.  Current bind 
package in woody is 8.3.3, which is an affected version.  Patches are 
not available yet, it seems.

http://www.isc.org/products/BIND/bind-security.html

--
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jeff S Wheeler 
I've taken Sonny's suggestion and upgraded to the bind9 package. 
Initially I thought I had a serious problem, as named was not answering
any queries, however it seems to have fixed itself.  Ordinarily that
would spook me, but in this situation I think I'd rather have spooky
software than known-to-be-exploitable software :-)

Thanks for the suggestion, Sonny.

-- 
Jeff S Wheeler   [EMAIL PROTECTED]
Software DevelopmentFive Elements, Inc
http://www.five-elements.com/~jsw/

On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote:
 Why not use Bind 9.2.1..
 
 It's in woody.. When I came over from Slackware to Debian I installed it 
 and haven't looked back..
 
 The file format was the same from 8.3.* to 9.2.1 I didn't have to do 
 anything..
 
 ---
 Sonny
 
 
 At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote:
 See ISC.ORG for information on new BIND vulnerabilities.  Current bind
 package in woody is 8.3.3, which is an affected version.  Patches are
 not available yet, it seems.
 
 http://www.isc.org/products/BIND/bind-security.html
 
 --
 Jeff S Wheeler   [EMAIL PROTECTED]
 Software DevelopmentFive Elements, Inc
 http://www.five-elements.com/~jsw/
 
 



signature.asc
Description: This is a digitally signed message part

RE: incoming request proxying

2002-11-12 Thread Daniel Hooper 
There's also another package called squidGuard which does it well. The
only issue with it is that it doesn't support webdav very well, (ie,
Outlook Web Access 2000) I do have a perl script for doing reverse
proxying with support for webdav, message me off list if you would like
a copy of it.

Daniel Hooper
Systems Administrator
Emerge Technologies Pty Ltd

-Original Message-
From: Mark Janssen [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 12 November 2002 8:24 PM
To: Paul Johnson
Cc: debian-isp List
Subject: Re: incoming request proxying

On Tue, 2002-11-12 at 12:09, Paul Johnson wrote:
 Is there a way to make either Apache or Squid (preferrably Squid, but
 I can go either way here) proxy requests from the outside world to
 machines that are inside a network inaccessable to the outside world?
 
 Like, say, requests to /whatever go to host/whatever, where host is
 unreachable outside.

This is called reverse-proxying, and is possible with the
apache-proxying module. You should be able to find all documentation on
the apache website (http://httpd.apache.org/docs)

I've had this working a long time ago on some company servers, but I
can't access those at the moment to copy/paste the correct rules to you.

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote:
 Why not use Bind 9.2.1..
 
 It's in woody.. When I came over from Slackware to Debian I installed
 it and haven't looked back..
 
 The file format was the same from 8.3.* to 9.2.1 I didn't have to do
 anything..

is this fully backwards-compatible?

last time i looked at bind9, the zonefile format had some slight
incompatibilities - no problem if you only have a few zonefiles that
need editing, but a major PITA if you have hundreds.

if there are zonefile incompatibilities, is there a script
to assist in converting zonefiles?

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread gravity 
On Wed, Nov 13, 2002 at 11:04:01AM +1100, Craig Sanders wrote:
 On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote:
  Why not use Bind 9.2.1..
  
  It's in woody.. When I came over from Slackware to Debian I installed
  it and haven't looked back..
  
  The file format was the same from 8.3.* to 9.2.1 I didn't have to do
  anything..
 
 is this fully backwards-compatible?
 
 last time i looked at bind9, the zonefile format had some slight
 incompatibilities - no problem if you only have a few zonefiles that
 need editing, but a major PITA if you have hundreds.
 
 if there are zonefile incompatibilities, is there a script
 to assist in converting zonefiles?
 
 craig sanders [EMAIL PROTECTED]

I have a very straight setup but upgrading to bind 9 was done in under 4 
seconds.
(approx 50 domains). no troubles so far.

-- 

tinus

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Wed, Nov 13, 2002 at 02:35:44AM +0100, gravity wrote:
 I have a very straight setup but upgrading to bind 9 was done in under
 4 seconds.  (approx 50 domains). no troubles so far.

yep, bind 9.2.x seems a lot better than 9.0 or 9.1.  

it seems to use more memory than bind8.



i'm doing a trial upgrade (on another server by copying over zone files)
right now.

a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
fixed.

i'll probably be ready to upgrade my main dns server in an hour or so.

the main thing i'm worried about is that bind9 had enormous memory leaks
when i tried 9.0 several months ago.  i hope they're fixed now.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Jason Lim 
  I have a very straight setup but upgrading to bind 9 was done in under
  4 seconds.  (approx 50 domains). no troubles so far.

 yep, bind 9.2.x seems a lot better than 9.0 or 9.1.

 it seems to use more memory than bind8.



 i'm doing a trial upgrade (on another server by copying over zone files)
 right now.

 a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
 fixed.

 i'll probably be ready to upgrade my main dns server in an hour or so.

 the main thing i'm worried about is that bind9 had enormous memory leaks
 when i tried 9.0 several months ago.  i hope they're fixed now.


We're still on named 8.3.3-REL-NOESW (currently in stable).

Is it much of a headache to upgrade to 9.2.x? Any particular procedure or
guide you followed that could be read somewhere?

TIA.

RE: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Thiago Lucas 
If you already have the bind-9.2.x source, read the file
doc/misc/migration.

Regards,
--
Thiago Lucas
NOC - Matrix Internet S/A
 


 -Original Message-
 From: Jason Lim [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, November 13, 2002 1:26 AM
 To: Craig Sanders; gravity
 Cc: debian-isp@lists.debian.org
 Subject: Re: New BIND 4  8 Vulnerabilities
 
 
   I have a very straight setup but upgrading to bind 9 was done in 
   under 4 seconds.  (approx 50 domains). no troubles so far.
 
  yep, bind 9.2.x seems a lot better than 9.0 or 9.1.
 
  it seems to use more memory than bind8.
 
 
 
  i'm doing a trial upgrade (on another server by copying over zone 
  files) right now.
 
  a few little gotchas (e.g. ownership/perms of zonefiles) , 
 but easily 
  fixed.
 
  i'll probably be ready to upgrade my main dns server in an 
 hour or so.
 
  the main thing i'm worried about is that bind9 had enormous memory 
  leaks when i tried 9.0 several months ago.  i hope they're 
 fixed now.
 
 
 We're still on named 8.3.3-REL-NOESW (currently in stable).
 
 Is it much of a headache to upgrade to 9.2.x? Any particular 
 procedure or guide you followed that could be read somewhere?
 
 TIA.
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact 
 [EMAIL PROTECTED]

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Sonny Kupka 
Only gotcha I remember running into is for some reason when I did an 
uninstall bind 8.* / install bind 9.2.1

For some reason there where 2 bind scripts in /etc/init.d/ one named bind 
and one bind9 it messed with named running right so I killed bind script 
and left the /etc/init.d/bind9

As always.. make a back up of your Master Zone Files and if you run into 
any major problems you have your MZF files to rely on :)

---
Sonny
At 02:26 PM 11/13/2002 +1100, you wrote:
  I have a very straight setup but upgrading to bind 9 was done in under
  4 seconds.  (approx 50 domains). no troubles so far.

 yep, bind 9.2.x seems a lot better than 9.0 or 9.1.

 it seems to use more memory than bind8.



 i'm doing a trial upgrade (on another server by copying over zone files)
 right now.

 a few little gotchas (e.g. ownership/perms of zonefiles) , but easily
 fixed.

 i'll probably be ready to upgrade my main dns server in an hour or so.

 the main thing i'm worried about is that bind9 had enormous memory leaks
 when i tried 9.0 several months ago.  i hope they're fixed now.

We're still on named 8.3.3-REL-NOESW (currently in stable).
Is it much of a headache to upgrade to 9.2.x? Any particular procedure or
guide you followed that could be read somewhere?
TIA.

Re: New BIND 4 8 Vulnerabilities

2002-11-12 Thread Craig Sanders 
On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote:
 We're still on named 8.3.3-REL-NOESW (currently in stable).
 
 Is it much of a headache to upgrade to 9.2.x? Any particular procedure
 or guide you followed that could be read somewhere?

it's pretty straight-forward.  nowhere near the problem it was in
earlier releases of bind 9.0 and 9.1

you have to do something like chmod -R a+rX /var/cache/bind so that
user 'bind' can read the zonefiles.  you also have to enable write
access in the case of secondary zonefiles and named dump files (e.g. put
secondaries in a subdirectory and make only that subdir writable by user
bind).  dynamic updated zonefiles also have to be writable by bind.

(actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind',
it still runs as root.  only bind 9.2.x in unstable runs as bind.  i
discovered that when i upgraded a woody server today to woody's bind9)


bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which
explains the differences.  it's stricter in enforcing RFC compliance.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch