
Re: bind and address rewriting



On Fri, Oct 06, 2000 at 12:34:00AM +0200, Thomas Voss wrote:
 
> Anyway, even if bind were running on the firewall box, the problem would
> remain the same, i.e. bind would send a UDP packet which has to bring up
> the line (forcing a new IP on the interface), and which therefore leaves
> with the wrong source address.

I really can't answer your question. When I was on a dialup, I didn't
use MASQ/firewall.  It worked fine (although I used dnscache).
One solution would be to increase the idle time of the dialer.
 
>  JLF> Use something like dnscache,
>  JLF> (it's smaller, uses less memory, and is more secure).
> 
> Thank you for your hint, I actually appreciate alternatives. But this
> makes me curious: Why should it be more secure, provided that bind is
> configured properly?

BIND can't be configured properly enough to be secure.  The developers
gave up on the current version, and rewrote BINDv9 from the ground
up, and they still don't take security seriously (http://www.linuxsecurity.com/feature_stories/conrad_vixie-1.html).

You can read up on djbdns (dnscache is part of the package) at
http://cr.yp.to/djbdns.html

You shouldn't worry too much about it, though, since you are on
a dialup system. Still, dnscache uses a fraction of what BIND does, so,
really, what's the point?

-- 
John
______________________________________________________________________
email: john@fjellstad.org                   Quis custodiet ipsos custodes
icq: thales @ 17755648

#####          I'm subscribed to this list, no need to cc:          ######
