On Tue, Feb 20, 2001 at 07:33:15AM -0500, Burke, Thomas G. wrote:
> I looked at my available packages, & one of these days, should I finally
> decide to set up a caching DNS, I have the 8.2.3 packages.

When you do, you may want to consider setting up a "hidden primary".
Find somebody (or somebodies) who can provide 2 secondaries; there
are free sites, some organizations like the CLOUT project of Uniforum
Chicago, friends, etc.  Report _those_ to the NIC as your nameservers;
on your systems, they are reported as secondaries.  Set your firewall
to only accept connections on 53 from these approved secondaries.

You now have, under your local control, a nameserver that can only be
accessed from your secondaries, but from which you can control your
domain's content.  Your secondaries satisfy all 'Net DNS requests.
Even if new vulnerabilities in bind are discovered, only by first cracking
your secondaries, then discovering that you're there, and that you have
to be accessed from that (secondary) machine's IP, could you be exposed.

Cheers,
-- 
        Dave Ihnat
        [EMAIL PROTECTED]



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
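
The hidden-primary arrangement described in the message above, sketched as BIND `named.conf` fragments for both sides. This is an added example, not part of the original post; the zone name `example.com`, the file names and all addresses (taken from the documentation ranges) are constructed placeholders. The ACLs complement the port-53 firewall rule the message calls for rather than replace it.

```conf
// ---- On the hidden primary (constructed address 203.0.113.5) ----
// The two approved secondaries; these are the only hosts the firewall
// lets through on port 53, and the only ones named answers or transfers to.
acl "approved-secondaries" {
    192.0.2.10;       // secondary 1 (constructed address)
    198.51.100.20;    // secondary 2 (constructed address)
};

options {
    directory "/var/named";
    // Second line of defence if the firewall rule is ever loosened:
    // only the secondaries and the local host may query this server.
    allow-query    { "approved-secondaries"; 127.0.0.1; };
    // Zone transfers go to the secondaries and nobody else.
    allow-transfer { "approved-secondaries"; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // The zone's NS records (and the registrar's delegation) name only
    // the two secondaries, never this host. NOTIFY is sent to the
    // servers in those NS records whenever the serial changes.
    notify yes;
};

// ---- On each secondary ----
// The secondary answers the Internet's queries and pulls the zone
// from the hidden primary, which it knows only by IP address.
zone "example.com" {
    type slave;
    file "example.com.bak";
    masters { 203.0.113.5; };   // hidden primary (constructed address)
};
```

After a reload, a query for the zone's NS records against either secondary should list only the secondaries, and a zone transfer attempted from any other host should be refused.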
