also sprach Eduard Ballester <ballester@ipsistemas.com> [2003.03.14.1717 +0100]: > BIND 9.2.x of course, ugh. > * DNS Security > DNSSEC (signed zones) > TSIG (signed DNS requests) TSIG: there may well be patches to djbdns. However, for internal clients, IPsec is really the way to go. > One server process can provide multiple "views" of the DNS > namespace, e.g. an "inside" view to certain clients, and an > "outside" view to others. djbdns can do that. nevertheless, this is not a feature but a hack. if you need two DNS servers for internal and external hosts, run them separately. there is no reason to make them share a process! > You can configure it in chroote jail > http://www.linuxsecurity.com/docs/LDP/Chroot-BIND-HOWTO.html http://www.bpfh.net/simes/computing/chroot-break.html -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
Attachment:
pgpTi9Am2D1q8.pgp
Description: PGP signature