Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
Another possibility is to have the port for outgoing connections be something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the
The eaisest and most failsafe way to secure bind is to install djbdns.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any
On Sun, Dec 30, 2001 at 12:46:55PM -0500, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Troll.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
On Sun, 30 Dec 2001 16:17, Jor-el wrote:
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
When someone sends a recursive query to your server then they know (with a
good degree of accuracy) what requests are going to be made by
On Sunday 30 December 2001 22:58, Russell Coker wrote:
2.4.x kernels support the --bind option to mount which avoids the syslogd
yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost
out-of-the box chroot solution.
I disagree with the supposed security benefits of disabling
jernej horvat wrote:
[ snip ]
And this is what djb has to say for zone transfers :-)
Zone transfers are an archaic alternative mechanism for copying DNS
information.
http://cr.yp.to/djbdns/faq/axfrdns.html#what
``Zone transfers are an archaic alternative mechanism for copying DNS
On Monday 31 December 2001 01:29, Michael D. Schleif wrote:
...
It is always amazing to me how *intelligent* people try to make their
point by taking other people's words out of context . . .
...
http://cr.yp.to/djbdns/faq/axfrdns.html#what
i added the URL so i that everyone could look it
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
by throwing away all your existing zonefiles, DNS configuration, DNS
tools and a bunch of
Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
by throwing away all your existing zonefiles, DNS configuration,
On Sun, 30 Dec 2001, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Because after djbdns, bind 4.2 looks like a pinnacle of security...
Google is your friend.
Apparently it didn't get you a clue...
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Lots of good stuff snipped
Please read my messages carefully before flaming me.
Ack! My apologies. Poor reading and poor wording.
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of
One phrase, sir:
WTF?!
You fail to make sense.
-Tech
On Sun, 30 Dec 2001, Michael D. Schleif wrote:
jernej horvat wrote:
[ snip ]
And this is what djb has to say for zone transfers :-)
Zone transfers are an archaic alternative mechanism for copying DNS
information.
This is well out of hand, and I've delt with it before, so this is my less
mailing on teh subject.
On Mon, 31 Dec 2001, Craig Sanders wrote:
On Sun, Dec 30, 2001 at 08:34:32PM -0600, Michael D. Schleif wrote:
Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D.
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any idea how can bind be protected against that DoS attack and if someone
has some good firewall for a dns server ( that resolves names for internal
-Original Message-
From: Jose [mailto:[EMAIL PROTECTED]
This may not be exactly what you are looking for but you might get away
with:
apt-get install squidclient
snip
Cheers, that progam helped alot. I have now written a short script to
achieve what I wanted, which is to list by
On Sun, 30 Dec 2001 11:18, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any idea how can bind be protected against that DoS attack and if someone
has some good firewall for a
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
Another possibility is to have the port for outgoing connections be something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the
The eaisest and most failsafe way to secure bind is to install djbdns.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any
Jor-el wrote:
Another possibility is to have the port for outgoing connections be
something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the outside world coming to port 53.
[...]
Of course, in the case of DNS servers, you could be OK, since you
I was wondering if anyone is running Blackboard on Debian ?
The specs say designed for Redhat 6.2, but I would rather use Debian if
possible.
It appears that all the packages are availble in source, so I am assuming this
wouldn't
be a problem.
-Ted
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
--
Configuration options for BIND are listed on
http://www.isc.org/products/BIND/docs/config/
List of URL that might be usefull
On Sun, 30 Dec 2001 16:17, Jor-el wrote:
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
When someone sends a recursive query to your server then they know (with a
good degree of accuracy) what requests are going to be made by
On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
Perhaps a discussion of the relative merits of djbdns and bind is in order.
I
thank you all very much.
you're right.if one doesn't have anything useful to say i'll recommand him
to let others help..
thx guys.
At 10:02 PM 12/30/01 +0100, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install
Hello,
On Sun, 30 Dec 2001, Russell Coker wrote:
On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
Heh, I didn't send a
On Sunday 30 December 2001 22:58, Russell Coker wrote:
2.4.x kernels support the --bind option to mount which avoids the syslogd
yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost
out-of-the box chroot solution.
I disagree with the supposed security benefits of disabling
jernej horvat wrote:
[ snip ]
And this is what djb has to say for zone transfers :-)
Zone transfers are an archaic alternative mechanism for copying DNS
information.
http://cr.yp.to/djbdns/faq/axfrdns.html#what
``Zone transfers are an archaic alternative mechanism for copying DNS
On Monday 31 December 2001 01:29, Michael D. Schleif wrote:
...
It is always amazing to me how *intelligent* people try to make their
point by taking other people's words out of context . . .
...
http://cr.yp.to/djbdns/faq/axfrdns.html#what
i added the URL so i that everyone could look it up.
jernej horvat wrote:
On Monday 31 December 2001 01:29, Michael D. Schleif wrote:
...
It is always amazing to me how *intelligent* people try to make their
point by taking other people's words out of context . . .
...
http://cr.yp.to/djbdns/faq/axfrdns.html#what
i added the URL so i
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
by throwing away all your existing zonefiles, DNS configuration, DNS
tools and a bunch of
Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
by throwing away all your existing zonefiles, DNS configuration,
On Sun, 30 Dec 2001, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Because after djbdns, bind 4.2 looks like a pinnacle of security...
Google is your friend.
Apparently it didn't get you a clue...
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
On Monday 31 December 2001 03:34, Michael D. Schleif wrote:
http://cr.yp.to/distributors.html
Because of that policy there are no precompiled packages of djbdns, because:
You may distribute a precompiled package if
- installing your package produces exactly the same files, in exactly
On Sun, Dec 30, 2001 at 08:34:32PM -0600, Michael D. Schleif wrote:
Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Lots of good stuff snipped
Please read my messages carefully before flaming me.
Ack! My apologies. Poor reading and poor wording.
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of every
One phrase, sir:
WTF?!
You fail to make sense.
-Tech
On Sun, 30 Dec 2001, Michael D. Schleif wrote:
jernej horvat wrote:
[ snip ]
And this is what djb has to say for zone transfers :-)
Zone transfers are an archaic alternative mechanism for copying DNS
information.
Hey,
On Mon, 31 Dec 2001, Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
``By combining all these tools, you can finally approach the
functionality of a trivial rsync script. Wow.''
Enough said . . .
by throwing away all your existing
This is well out of hand, and I've delt with it before, so this is my less
mailing on teh subject.
On Mon, 31 Dec 2001, Craig Sanders wrote:
On Sun, Dec 30, 2001 at 08:34:32PM -0600, Michael D. Schleif wrote:
Craig Sanders wrote:
On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif
38 matches
Mail list logo