Re: bind9 vs tinydns vs others

2003-12-02 Thread Theodore J. Knab
Bind 9 is a total revamp of Bind 8.

Bind8 had a bunch of security holes in it, so tinyDNS
and the others came about. Bind9 was a rewrite from scratch
with security as a goal. 

Bind9 is good for all types of general DNS stuff.

Tiny-DNS is probably good for some applications;
however, you are going to find more documentation
on Bind than anything else.

http://www.nominum.com/getOpenSourceResource.php?id=6

On 02/12/03 16:46 +0100, David Zejda wrote:
> what do you prefer for authoritative dns?
> experiences/stability...?
> I have no verbose bind knowledge yet.
> 
> thanks
> David
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
> 

-- 
---
*Theodore Knab  
*Washington College 
*Systems Engineer/ Systems Security Officer
*Maryland, USA  
---
The nameless root   @washcoll.edu





Re: a new network and a newbie admin

2003-10-11 Thread Theodore J. Knab

> Hello, I have just been nominated to be in charge of the network inside the
> student block I live in.
> My problem is the server that I will have to order, as the network is not
> made yet.

Good for you. Please wrap lines at 80 characters in the future.

> What would you recommend as proxy software?

Try this; there are many:

apt-cache search proxy 

I think squid is the most popular piece of proxy software, I am not sure
why.

> I want to give access only to PCs that are registered in a way.
> How should I do that? DHCP + arp for IPs and permit only registered
> addresses (IP-MAC pair is registered)?

Maybe RADIUS, or you could set up 2 networks on your switch: one
non-routable [firewalled net], one [routable net]. Some server in between
would have to give permission and act as a gatekeeper.

> My questions are: what should I do to ensure that each computer in the LAN
> will communicate at a very good transfer rate with other LAN PCs and have a
> good transfer rate for browsing the internet?

What is a good transfer rate?

What are you doing to prevent your transfer rate from becoming bad only
when it is in use?

> The network will have about 130 computers (will not function all at the
> same time) that will be connected as in the following figure:
> 
>    _____S___ISP
> ___|__
>   __||  
> __|__ 
> | | | | | | |   
> p p p p p p p
> 
> each p is a pc, the S is the server

Have you thought of bandwidth management?

You might have to use bandwidth management if you want consistent good
transfer rates.

You are creating a lot of work for yourself. You might want to break the
problem down into phases so you don't get overwhelmed.

1. Phase 1 - Get everything up and working [with no users]
   a. dhcp server
   b. router/firewall
   c. everything connected

2. Phase 2 - Drop in a proxy server, maybe squid [still w/ no users]
   add proxy to firewall or drop in a separate machine between firewall and
   internal net

3. Phase 3 - Drop in a bandwidth shaper and test.
   I do this with a bridge using FreeBSD. I am not sure you can do this
   with Linux. You should be able to add bw shaping to your
   router/firewall.

4. Phase 4 - Set up a system for tracking network connections
   radius-like server
   I am not sure how to do this. I haven't done it yet.
   apt-cache search radius


-- 
---
*Theodore Knab  
*Washington College 
*Maryland, USA  
---
perl -ne'chomp;$a.=pack"h*",$_;END{print"\n$a\n\n"}'<<'RM'
940216d602160236869636b656e6e2a0
RM


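The "permit only registered IP-MAC pairs" question in the message above is easy to state and easy to get wrong, so here is an added example of the audit side of that design: a small Python script that compares what the gateway's ARP table currently shows against a registry of approved pairs and reports hosts that were never registered or that answer from a different MAC than the one on file. This is example code written for this page, not code from the thread or from any of the packages it mentions. The registry and the ARP-table text are constructed sample data; on a real Linux gateway you would read /proc/net/arp (whose format the sample copies) instead.

```python
"""Audit a LAN's ARP table against a registry of approved (IP, MAC) pairs.

Added example; not code from the original messages. REGISTRY and
SAMPLE_ARP_TABLE are constructed sample data in the layout of /proc/net/arp.
"""
from dataclasses import dataclass

# Constructed registry of "registered" machines: IP -> MAC on file.
REGISTRY = {
    "10.0.0.11": "00:0d:60:aa:bb:01",
    "10.0.0.12": "00:0d:60:aa:bb:02",
    "10.0.0.13": "00:0d:60:aa:bb:03",
}

# Constructed sample in the format of /proc/net/arp on Linux.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.11        0x1         0x2         00:0d:60:aa:bb:01     *        eth1
10.0.0.12        0x1         0x2         00:0d:60:aa:bb:99     *        eth1
10.0.0.50        0x1         0x2         00:0d:60:cc:dd:ee     *        eth1
10.0.0.13        0x1         0x0         00:00:00:00:00:00     *        eth1
"""


@dataclass(frozen=True)
class Finding:
    ip: str
    mac: str
    reason: str  # "unregistered-ip" or "mac-mismatch"


def parse_arp_table(text):
    """Return (ip, mac) pairs for complete ARP entries.

    Flags 0x2 marks a complete entry; incomplete entries (flags 0x0) carry an
    all-zero MAC because nothing has answered for that IP, so they are skipped.
    """
    entries = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3]
        if int(flags, 16) & 0x2 == 0:
            continue
        entries.append((ip, mac.lower()))
    return entries


def audit(arp_text, registry):
    """Compare live ARP entries to the registry and return the findings.

    Two conditions are flagged: an IP nobody registered (a host that simply
    plugged in), and a registered IP now answering from a different MAC
    (a re-imaged machine, or someone using a neighbour's address).
    """
    normalized = {ip: mac.lower() for ip, mac in registry.items()}
    findings = []
    for ip, mac in parse_arp_table(arp_text):
        expected = normalized.get(ip)
        if expected is None:
            findings.append(Finding(ip, mac, "unregistered-ip"))
        elif expected != mac:
            findings.append(Finding(ip, mac, "mac-mismatch"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ARP_TABLE, REGISTRY):
        print(f"{f.reason:16} {f.ip:15} {f.mac}")
```

Run from cron on the router/firewall, the output is the list to act on (or to feed into the gatekeeper from Phase 4). A check like this is an audit, not an access control: the ARP table only records who has answered recently, and a MAC address is a claim made by the client, so the enforcement still belongs in the firewalled/routable split and the gatekeeper the message describes.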



Re: Woody with Intel S875WP1-E board?

2003-09-12 Thread Theodore J. Knab
What kernel is Red Hat Linux 8.0 using?

Seeing you are simply trying to get a board to work, this is more 
of a kernel issue than a distribution issue. If you were using something
evil like Cold Fusion, it might be a distribution issue. Of course,
all distribution issues can be worked around with symbolic links and the 
proper libraries.

If the Linux kernel supports the hardware, it really does
not matter which Linux distro you use. 

> Anyone ever tried the Intel S875/S845 main-boards
> with Woody?  They come with one (two for the 845)
> Intel PRO100+ and one Intel PRO1000 XT interface (for the 
> 875) onboard, which I find pretty tempting.
> According to Intel they are Red Hat* Linux 8.0 
> compatible...
> The 875 chipset is a 82547EI, the 845's a 82550PM.
> 
> http://www.intel.com/design/servers/s875wp1-e/
> http://www.intel.com/design/servers/buildingblocks/s845wd1-

-- 
---
*Theodore Knab  
*Washington College 
*Maryland, USA  
---
perl -ne'chomp;$a.=pack"h*",$_;END{print"\n$a\n\n"}'<<'RM'
940216d602160236869636b656e6e2a0
RM





[support@backup.hmdc.harvard.edu: [hmdc.harvard.edu #4073] FYI: mon]

2003-09-10 Thread Theodore J. Knab
Some of you might find this one interesting. 

In a world where IT security sometimes means keeping services out of
sight, both Harvard and MIT advertise everything they have up and
running.

If I were a cracker running a DOS, I could use this information to 
monitor the machines I knocked off the network. Additionally, this list
has all of the servers that both MIT and Harvard monitor in their data center. 
The monitoring program being used is called mon. I use it and was
digging for info on the cgi interface that displays server info.

So, I thought I would warn them with this message:
-
FYI:

A google search on mon brings up your cgi interface for mon.
http://www.google.com/search?q=mon+dns&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N

[see second page link line six]

Your mon program is accessible by the world.

With a current worldwide population of 6.3 billion, you are inviting an
attack.
http://www.populationmedia.org/

Please lock down access to the following host:
http://mon.hmdc.harvard.edu/mon.cgi?command=query_opstatus_full


Here is the reply:
- Forwarded message from Matthew Cox via RT [EMAIL PROTECTED] -

X-RT-Loop-Prevention: hmdc.harvard.edu
Subject: [hmdc.harvard.edu #4073] FYI: mon 
Managed-BY: Request Tracker 2.0.13 (http://www.fsck.com/projects/rt/)
From: Matthew Cox via RT [EMAIL PROTECTED]
RT-Ticket: hmdc.harvard.edu #4073
Reply-To: [EMAIL PROTECTED]
RT-Originator: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

> Your mon program is accessible by the world.

We do intend for it to be publicly available. It allows us to give in
depth status to our various patrons.

> With a current worldwide population of 6.3 billion you are inviting
> an attack.

There is no information on that page that couldn't be garnered with a
quick NMAP scan.

Thank you for your concern.

Matt

-- 
Matthew P. Cox
Senior Systems Administrator / Systems Programmer
Harvard-MIT Data Center

- End forwarded message -

Ted Knab
Chester, Maryland





Vacation ---- auto-reply

2003-07-23 Thread Theodore J. Knab
The vacation program which I use on our Campus Email server
does not do this. Too bad more don't use it.

From the 'vacation' man page:

No message will be sent unless login (or an alias supplied using the
-a option) is part of either the ``To:'' or ``Cc:'' headers of the
mail.  No messages from ``???-REQUEST'', ``Postmaster'', ``UUCP'',
``MAILER'', or ``MAILER-DAEMON'' will be replied to (where these
strings are case insensitive) nor is a notification sent if a
``Precedence: bulk'', ``Precedence: list'' or ``Precedence: junk''
line is included in the mail headers.  The people who have sent you
messages are maintained as a db(3) database in the file .vacation.db
in your home directory.

I have the vacation program working for our Campus Mailserver.

I'm sorry about all the trouble with the auto-reply that everyone is
getting; I am disabling this user's account now. Again I apologise for
the hassle.


-- 

*Theodore Knab  
*Washington College 
*Maryland, USA  
* ---   



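The man page excerpt quoted in the message above is, in effect, the loop-prevention policy that keeps an auto-responder from replying to mailing lists, bounces and itself. As an added example (written for this page, not the vacation program's own source), here is that policy carried out in Python: one function that takes a raw message plus the user's login and aliases and returns whether a reply is allowed and why. The sample messages are constructed, and the `already_replied` set stands in for the .vacation.db sender database the man page mentions; the name and shape of that parameter are this example's own choice.

```python
"""Apply the vacation(1) reply rules quoted above to an incoming message.

Added example, not the vacation program's code. Sample messages below are
constructed; `already_replied` plays the role of ~/.vacation.db.
"""
import email
import email.utils

# Local-parts that never get an auto-reply (compared case-insensitively).
NEVER_REPLY = {"postmaster", "uucp", "mailer", "mailer-daemon"}
# Precedence values that mark list or bulk mail.
BULK_PRECEDENCE = {"bulk", "list", "junk"}


def _addresses(msg, header):
    """All addresses found in one header, lower-cased ([] if absent)."""
    value = msg.get(header)
    if not value:
        return []
    return [addr.lower() for _name, addr in email.utils.getaddresses([str(value)]) if addr]


def should_reply(raw_message, login, aliases=(), already_replied=None):
    """Return (decision, reason) for one incoming message.

    `login` is the user's address and `aliases` the extra addresses the
    -a option would add. When `already_replied` (a set) is given, a sender
    is answered only once, which is what the .vacation.db database is for.
    """
    msg = email.message_from_string(raw_message)

    # Rule 1: the user (or an alias) must appear in To: or Cc:.
    mine = {a.lower() for a in (login, *aliases)}
    recipients = set(_addresses(msg, "To")) | set(_addresses(msg, "Cc"))
    if not (mine & recipients):
        return False, "user not in To: or Cc:"

    # Rule 2: never answer ???-REQUEST, Postmaster, UUCP, MAILER, MAILER-DAEMON.
    sender = (_addresses(msg, "From") or [""])[0]
    local_part = sender.split("@", 1)[0]
    if local_part.endswith("-request") or local_part in NEVER_REPLY:
        return False, f"sender {sender} is a mailer or list address"

    # Rule 3: skip anything marked Precedence: bulk, list or junk.
    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in BULK_PRECEDENCE:
        return False, f"Precedence: {precedence}"

    # Rule 4: one reply per sender (the .vacation.db role).
    if already_replied is not None:
        if sender in already_replied:
            return False, "already replied to this sender"
        already_replied.add(sender)
    return True, "ok"


# Constructed sample messages.
SAMPLE_DIRECT = "From: alice@example.org\nTo: ted@example.edu\nSubject: question\n\nAre you around?\n"
SAMPLE_LIST = ("From: bob@example.org\nTo: debian-isp@lists.example.org\n"
               "Cc: ted@example.edu\nPrecedence: list\nSubject: [list] hello\n\nbody\n")
SAMPLE_BOUNCE = "From: MAILER-DAEMON@example.edu\nTo: ted@example.edu\nSubject: Undelivered\n\nbody\n"
SAMPLE_NOT_FOR_ME = "From: carol@example.org\nTo: someone-else@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    seen = set()
    for name, raw in [("direct", SAMPLE_DIRECT), ("direct again", SAMPLE_DIRECT),
                      ("list", SAMPLE_LIST), ("bounce", SAMPLE_BOUNCE),
                      ("not for me", SAMPLE_NOT_FOR_ME)]:
        print(f"{name:13} -> {should_reply(raw, 'ted@example.edu', already_replied=seen)}")
```

The order of the checks matters less than the fact that every one of them is a reason to stay silent: an auto-responder that errs toward not replying can never start a mail storm, which is the failure the message is apologising for.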