[Systems] [gnu.org #552346] [Fwd: Reverse DNS for translate.sugarlabs.org]

Bernie Innocenti bernie at codewiz.org
Fri Feb 19 11:07:34 EST 2010

Previous message: [Systems] mirrorprobe segfault (was: Re: [Systems-logs] Cron <mirrorbrain at sunjammer> ulimit -c unlimited ; mirrorprobe -t 20)
Next message: [Systems] [support.osuosl.org #11078] New admin account on git.sugarlabs.org
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2010-02-19 at 09:58 -0500, Ward Vandewege via RT wrote:
> > However, some of our nameservers are also answering recursive
> > queries for LAN clients and localhost.
> 
> Ah - that's generally a bad idea. Mind you, we still do it at the FSF
> too - legacy setup. I'm going to fix that soon-ish here, and split up
> the recursive resolver from the authoritative nameserver.

Yeah, I also didn't know it was discouraged practice when I set up my
first nameservers.

I've read somewhere that it is now possible to keep the recursive and
authoritative resolvers relatively isolated from each other using views:

 http://www.zytrax.com/books/dns/ch7/view.html

The whole DNS security story is very sad... DNSSEC is supposed to plug
all cache poisoning attacks for good, hopefully without introducing new
problems of its own. We'll find out in July if it's true...

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/

Previous message: [Systems] mirrorprobe segfault (was: Re: [Systems-logs] Cron <mirrorbrain at sunjammer> ulimit -c unlimited ; mirrorprobe -t 20)
Next message: [Systems] [support.osuosl.org #11078] New admin account on git.sugarlabs.org
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list