> DNS is another issue. I would suggest you use djbdns (
> http://cr.yp.to/djbdns.html ) rather than Bind, as it will allow you to
> decide what you want and only what you want to have it do, and will use
> significantly less resources on your gateway machine. It is easier to
> configure, less prone to attacks, and breaks less often :)
>
> You can implement a DNS cache, that is a forwarding only cache. It asks
> another DNS server (your ISP's) for all its requests and caches the
> responses (dnscache). It is not a DNS server. You could however
> implement a full resolver (dnscache again) that actually resolves DNS
> names from the root-servers down. This means you won't rely on your
> ISP's name server and your name-server is immune to cache-poisoning.
> This uses more traffic though (it has to recursively resolve from the
> root-servers down. It caches responses of course). But I have found it
> works fine over a 56k dialup.
>
> You may also, while you are at it, implement your own local DNS server
> for internal use (tinydns) so that internal machines and their names are
> all resolved via an internal only DNS.
>
I use maradns for the same reasons. I have an internal lan with names (no need to keep /etc/hosts up to date) and it also acts as a cache. mara seems quite secure and has a more palatable license and author.
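The three dnscache arrangements described in the quoted message (forward-only cache, full resolver, internal zone served by tinydns) differ only in a few files under the dnscache service directory. The helpers below are an added example, not part of the thread or of djbdns itself; they assume the directory layout that `dnscache-conf` creates, and the function names and sample addresses are constructed.

```shell
# Added example: switch a dnscache service directory between the modes
# discussed above. DIR is assumed to be laid out as dnscache-conf creates
# it (DIR/env, DIR/root/servers). After any change, restart dnscache
# (with daemontools: svc -t /service/dnscache).

# Forward-only cache: every query goes to the listed upstream caches
# (for example the ISP's), so their answers are trusted wholesale.
dnscache_forward_only() {
    [ $# -ge 2 ] || { echo "usage: dnscache_forward_only DIR IP..." >&2; return 1; }
    dir=$1; shift
    mkdir -p "$dir/env" "$dir/root/servers"
    printf '%s\n' "$@" > "$dir/root/servers/@"
    echo 1 > "$dir/env/FORWARDONLY"
}

# Full resolver: resolve from the root servers down. ROOTS is a file with
# one root server IP per line (djbdns ships such a list as dnsroots.global).
dnscache_full_resolver() {
    dir=$1; roots=$2
    [ -s "$roots" ] || { echo "root list '$roots' missing or empty" >&2; return 1; }
    mkdir -p "$dir/env" "$dir/root/servers"
    cp "$roots" "$dir/root/servers/@"
    rm -f "$dir/env/FORWARDONLY"
}

# Internal names: send queries for ZONE to the internal tinydns at IP
# instead of the public hierarchy, in either mode.
dnscache_internal_zone() {
    dir=$1; zone=$2; ip=$3
    [ -n "$zone" ] && [ -n "$ip" ] || { echo "usage: dnscache_internal_zone DIR ZONE IP" >&2; return 1; }
    mkdir -p "$dir/root/servers"
    echo "$ip" > "$dir/root/servers/$zone"
}

# Report the configured mode. envdir unsets a variable whose file is
# empty, so only a non-empty FORWARDONLY file counts as forward-only.
dnscache_mode() {
    if [ -s "$1/env/FORWARDONLY" ]; then
        echo forward-only
    else
        echo full-resolver
    fi
}
```

Running `dnscache_mode` against the live service directory is a quick audit of whether a gateway is relying on its upstream caches or resolving from the roots itself.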