Re: Securing bind..
One phrase, sir:
"WTF?!"
You fail to make sense.
-Tech
On Sun, 30 Dec 2001, Michael D. Schleif wrote:
>
> jernej horvat wrote:
> >
>
> [ snip ]
>
> > And this is what djb has to say for zone transfers :-)
> >
> > "Zone transfers are an archaic alternative mechanism for copying DNS
> > information."
> >
> > http://cr.yp.to/djbdns/faq/axfrdns.html#what
>
> ``Zone transfers are an archaic alternative mechanism for copying DNS
> information. Instead of immediately sending new data to the slaves, you
> run a zone-transfer service that accepts periodic connections from the
> slaves; your users complain while they're waiting for the slaves to
> check for new data. The zone-transfer protocol isn't a modular
> file-transfer system; it is an ad-hoc system tied to the details of DNS.
> The protocol has terrible compression and no security. Every new zone on
> the master requires manual reconfiguration of the slaves. Zone transfers
> lose all information about client differentiation and scheduled record
> changes.''
>
> It is always amazing to me how *intelligent* people try to make their
> point by taking other people's words out of context . . .
>
> Notice, that bind, current or not, has no answers to djb's concerns, as
> expressed in his complete paragraph ;>
>
> [ snip ]
>
> --
>
> Best Regards,
>
> mds
> mds resource
> 888.250.3987
>
> Dare to fix things before they break . . .
>
> Our capacity for understanding is inversely proportional to how much we
> think we know. The more I know, the more I know I don't know . . .
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: