[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: named on lenny

> On Wed, 11 Mar 2009, Matus UHLAR - fantomas wrote:
> > You should better turn off recursive service for everyone and allow only
> > authorized clients (either by their IP, or by their TSIG).
> > The above is NOT the only reason not to provide recursive DNS to anyone.

On 11.03.09 10:26, Leonardo Boselli wrote:
> how to do it ? I cannot authorize by IP only since the hosts that require
> this services are known machines, but these can get any address.
> these are laptops that can plug in any network, some of which with poor
> DNS. setting bys TSIG ... how to ? (portables have WinXP, Debian-Linux or
> ubuntu). 

local caching server with forwarders set to your DNS (TSIG allowed).
Note that DNS may be firewalled or intercepted, although it's not very
common. But I recommend fixing broken DNS servers instead.
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

Reply to: