[Systems] [Fwd: please change resolv.conf on sugarlabs machines]

Bernie Innocenti bernie at codewiz.org
Sat Jun 5 13:28:03 EDT 2010


El Sat, 05-06-2010 a las 10:09 +0000, Sascha Silbe escribió:
> Excerpts from Bernie Innocenti's message of Fri May 28 21:04:43 +0000 2010:
> 
> > Note: we can't use ns1.sugarlabs.org and ns2.sugarlabs.org as they
> > recursive queries are disallowed.
> treehouse uses sunjammer (ns2) and it works fine, but IMO we should
> change that. It's always a good idea to keep those functions
> (content servers and recursive resolvers) separated. It's easy enough
> for a "trusted" client to "accidently" poison your cache (e.g. mail
> server doing lookups on the HELO/EHLO host name).

Agreed, we should not use ns[12].sugarlabs.org as caching nameservers,
although all modern DNS servers implement effective counter-measures
against the old cache poisoning attacks.


> idea			unknown (console not working)
> mapspress		unknown (needs root password)
>monitoring		unknown (needs root password)
>aslo-web		unknown (needs root password)
>sharing		unknown (needs root password)
>schooltool		unknown (needs root password)

I don't have passwords for any of these. Dogi?


> ole			unknown (needs root password)

I don't have this one either. Chris?


> zatoichi		unknown (needs root password)

Neither this one. Raul?

>rt			unknown (needs root password)

Luke?


>launchpad		unknown (needs root password)
>pootle			unknown (needs root password)

I'll send you these by private email.

Don't forget the templates.


> Besides configuring all VMs to allow root login without
> password on the console (that's only accessible to root
> on the host anyway, so no risk)

Agreed. 


>  it's probably a good
> idea to set up a recursive resolver (e.g. dnscache ;) )
> on housetree, treehouse and bender.

Agreed.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/



More information about the Systems mailing list