On Sat, 27 Jan 2007, [EMAIL PROTECTED] wrote:

> Also, I have seen secure environments that don't even have DNS access so
> they are configured with IPs or hostnames in /etc/hosts, our 'pool
> oriented' solution wouldn't help much.

A variant: DNS access is provided but the DNS doesn't have internet access. All zones for which we wish to provide access have to be configured (e.g. hardcoded) in the internal DNS. If internet connections are possible at all, they are limited to given IPs at the firewall level, for example:

allow outgoing connection to port udp 123 to:

    192.5.41.40
    18.26.4.105
    209.51.161.238
    206.223.0.15
    18.145.0.30
    132.163.4.102

My point is that some environments just don't trust external DNS lookups, so our 'pool oriented' solution would not help them.

Say I have the company superSecure.com; the logical thing to do is to set up 2 stratum 0 devices to provide time for my internal network. Still, I would like to configure the following as spares, should my devices fail:

    192.5.41.40
    18.26.4.105
    209.51.161.238
    206.223.0.15
    18.145.0.30
    132.163.4.102

And at the firewall level, I will allow outgoing connections only to these IPs.

When my 2 stratum 0 devices are working correctly, I do not want any external traffic to take place because external traffic generates specific logging...

-Louis

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
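An added example, not part of the message above or of any project code: a small audit that checks an `ntp.conf` against the egress allowlist the message describes, flagging time sources that depend on DNS or that the firewall would drop. The internal range `10.0.0.0/8`, the sample configuration and the `audit` helper are assumptions made for illustration; the six allowlisted addresses are the ones quoted in the message.

```python
import ipaddress

# Egress allowlist from the message: UDP 123 is permitted only to these IPs.
FIREWALL_ALLOW = {ipaddress.ip_address(a) for a in (
    "192.5.41.40", "18.26.4.105", "209.51.161.238",
    "206.223.0.15", "18.145.0.30", "132.163.4.102")}

# Assumption: the internal time sources live in this range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample ntp.conf; internal addresses and the last two
# entries are made up to show the two failure cases.
SAMPLE_CONF = """\
# internal time sources (constructed addresses)
server 10.0.0.1 iburst
server 10.0.0.2 iburst
# external spares
server 192.5.41.40
server 18.26.4.105
server 198.51.100.7
server 0.pool.ntp.org
"""

def audit(conf_text, allow=FIREWALL_ALLOW, internal_nets=INTERNAL_NETS):
    """Return (internal, spares, findings) for the time sources in conf_text."""
    internal, spares, findings = [], [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in ("server", "peer", "pool"):
            continue
        target = fields[1]
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # A name only works if the internal DNS has that zone hardcoded.
            findings.append((lineno, target, "hostname: depends on DNS"))
            continue
        if any(addr in net for net in internal_nets):
            internal.append(target)
        elif addr in allow:
            spares.append(target)
        else:
            findings.append((lineno, target, "not in firewall allowlist"))
    return internal, spares, findings

if __name__ == "__main__":
    internal, spares, findings = audit(SAMPLE_CONF)
    print("internal:", internal)
    print("allowed external spares:", spares)
    for lineno, target, why in findings:
        print(f"line {lineno}: {target}: {why}")
```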
