Re: named on lenny

To: debian-isp@lists.debian.org
Subject: Re: named on lenny
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
Date: Wed, 11 Mar 2009 10:35:28 +0100
Message-id: <[🔎] 20090311093528.GA20664@fantomas.sk>
Mail-followup-to: debian-isp@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.21.0903111022270.29877-100000@student.dicea.unifi.it>
References: <[🔎] 20090311085857.GA19748@fantomas.sk> <[🔎] Pine.LNX.4.21.0903111022270.29877-100000@student.dicea.unifi.it>

> On Wed, 11 Mar 2009, Matus UHLAR - fantomas wrote:
> > You should better turn off recursive service for everyone and allow only
> > authorized clients (either by their IP, or by their TSIG).
> > The above is NOT the only reason not to provide recursive DNS to anyone.

On 11.03.09 10:26, Leonardo Boselli wrote:
> how to do it ? I cannot authorize by IP only since the hosts that require
> this services are known machines, but these can get any address.
> these are laptops that can plug in any network, some of which with poor
> DNS. setting bys TSIG ... how to ? (portables have WinXP, Debian-Linux or
> ubuntu). 

local caching server with forwarders set to your DNS (TSIG allowed).
Note that DNS may be firewalled or intercepted, although it's not very
common. But I recommend fixing broken DNS servers instead.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

Reply to:

References:
- Re: named on lenny
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
- Re: named on lenny
  - From: Leonardo Boselli <leo@dicea.unifi.it>

Prev by Date: Re: named on lenny
Next by Date: suEXEC witch mod_userdir
Previous by thread: Re: named on lenny
Next by thread: suEXEC witch mod_userdir
Index(es):
- Date
- Thread