Re: Securing bind..

On Sunday 30 December 2001 18:46, P Prince wrote: > The eaisest and most failsafe way to secure bind is to install djbdns. If you have nothing to say - do not speak. -- Configuration options for BIND are listed on http://www.isc.org/products/BIND/docs/config/ List of URL that might be usefull

Re: Securing bind..

On Sunday 30 December 2001 22:58, Russell Coker wrote: > 2.4.x kernels support the --bind option to mount which avoids the syslogd yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost out-of-the box chroot solution. > I disagree with the supposed security benefits of disablin

Re: Securing bind..

On Monday 31 December 2001 01:29, Michael D. Schleif wrote: <...> > It is always amazing to me how *intelligent* people try to make their > point by taking other people's words out of context . . . <...> > > http://cr.yp.to/djbdns/faq/axfrdns.html#what i added the URL so i that everyone could loo

Re: Securing bind..

On Monday 31 December 2001 03:34, Michael D. Schleif wrote: > Because of that policy there are no precompiled packages of djbdns, because: "You may distribute a precompiled package if - installing your package produces exactly the same files, in exact

Re: MacOS, Debian router and ADSL/PPPoE (OT Net Tuner does not work for HTTP)

On Wednesday 30 January 2002 17:44, Stephane Bortzmeyer wrote: > It seems clearly MTU-related. but if NAT gw machine has MTU already set do 1492, then there is no need for "NATed" clients to change MTU. i call pppoe with "-m 1412". if this helps you... -- -- To UNSUBSCRIBE, email to [EMAIL

iptables + MSS (adsl)

http://www.hgfelger.de/mss/mss.html -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: BGP4/OSPF routing daemon for Linux?

On Thursday 28 February 2002 23:37, Tommy van Leeuwen wrote: > 'free' so i would choose zebra if i ever needed bgp or ospf on linux > again. I remember licence costs of gated were as much as a huge cisco few there is also BIRD and MRT. -- "Unix IS user friendly...It's just selective about who

Re: debian install on software raid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 23:56, valerian wrote: > Does Debian have or plan to provide a method to install directly onto a > RAID device? read this simple text at http://tnt.aufbix.org/linux/raid/ hope it helps - -- "Unix IS user friendly...It

Re: DNS zone file audit tool

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 31 October 2002 09:37, Emile van Bergen wrote: > Have you also looked at djbdns' dnstrace tool? there is also dlint, dnswalk and dnstracer. there are some online zone checkers: http://zonecheck.ipsec.se/ http://www.ripe.net/cgi-bin/nph

Re: can't find src for bind 9

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 13 November 2002 18:36, Andrew P. Kaplan wrote: > Unable to find the src file for Bind9 at ftp.isc.org checked /isc/bind/src > only found 4.x * 8.x why don't you do it the `debian way` ? apt-get source bind9 - -- "We should not be tryi

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 15:34, Russell Coker wrote: > So this leaves DNS caching as the only reason for BIND. Is there a DNS > server that does caching better than BIND? djbdns/tinydns IS faster, but problem i had with it are the distribution p

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 19:15, Nate Campi wrote: > > djbdns/tinydns IS faster, > Careful with statements like "foo is faster" unless you can back it up. Well... i tried bind 8/9 and djb on same hw (os: linux) and it was faster. I used queryperf (

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 23:14, Donovan Baarda wrote: > I am successfuly using pdnsd for DNS caching on; a small network (4 hosts + > 2 dialins) Bigger systems can't afford to change or experiment with sw. OTOH it would also help if clients would

djb and multiple IPs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ave. I have a question about djbdns - can i have one control file for all IP's/interfaces that i have on one system ? - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE92sRLEyTmlrVpUvwRAlUbAKCO8ZbPR9inTZNXHR/NqYSY86OT6wC

djb debian packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If someone wants to give it a try http://smarden.org/pape/Debian/ - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE92spfEyTmlrVpUvwRAkV9AKCqixN8hx2VX23YHml9e0MQ/J3qpQCfXcU2 jvOnH4LrM7WW5snOc0l0EJo= =FvlV -END PGP SIGNAT

Fwd: security.debian.org down

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Forwarded Message -- Subject: security.debian.org down Date: Wed, 20 Nov 2002 10:28:46 +0100 (MET) From: Pieter-Paul Spiertz <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Hi, security.debian.org (aka non-us.debian.org aka satie.deb

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 20 November 2002 20:43, D. J. Bernstein wrote: > Let's try a concrete example. With djbdns, to authorize clients with IP > address 10.*, you touch /service/dnscache/root/ip/10. With BIND, you > edit named.conf and add something to the all

maradns and multiple IPs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just for info: http://www.maradns.org/faq.html#ips >How do I get MaraDNS to bind to multiple IP addresses? >The current method is to run multiple copies of MaraDNS, each using its own >mararc file. damn. :-/ - -- -BEGIN PGP SIGNATURE- Ver

syslog-ng

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 21 November 2002 02:38, Russell Coker wrote: > Does multilog allow filtering log messages to determine which ones are > worth logging to disk? That's the only feature that I'd like to see in > syslog. Then you might try http://www.balabi

DNS server wishlist

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ave. what i would like from a good dns server: - - (djb dns) speed - - bind zone file compatibility or tools to convert them easely - - sql/ldap/db support - - support for rsync/scp "zone transfer" - - different operations (zone xfr, forwarding) sho

Re: syslog-ng

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 21 November 2002 13:08, Craig Sanders wrote: > IIRC, the last time i looked at syslog-ng, it had no ability to write > log files asynchronously which made it unsuitable for use on heavy-load > servers - e.g. medium to large ISP mail server

Re: routing policy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 25 November 2002 01:02, Donovan Baarda wrote: > the ISDN stuff is a mess... stuff scattered between /etc/isdn/ and > /etc/ppp. man interfaces "The ppp Method This method uses pon/poff to configure a PPP interface. See those commands fo

Re: backup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 16 December 2002 17:57, Thomas Krennwallner wrote: > I'm using Amanda as network backup solution and I like it very much. amanda is ok, but making it work trough firewalls is p.i.t.a. :-/ - -- "We should not be trying to use technical sol

Re: amanda backup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 17 December 2002 10:49, Torbjorn Pettersson wrote: > I haven't looked into how well it is implemented, so I can't > really say anything about it, but it is possible to compile it > to use kerberos authentication. I don't think authenticat

Re: best NIC Speed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 11 January 2003 14:20, Michelle Konzack wrote: > I am use since 1988 only 3Com Cards and never had problems with it... Well eversince i use 3com i had problems with it (novell, os/2...). I doesn't work well under heavy load. Might be the

Re: Securing bind..

On Sunday 30 December 2001 18:46, P Prince wrote: > The eaisest and most failsafe way to secure bind is to install djbdns. If you have nothing to say - do not speak. -- Configuration options for BIND are listed on http://www.isc.org/products/BIND/docs/config/ List of URL that might be usefull i

Re: Securing bind..

On Sunday 30 December 2001 22:58, Russell Coker wrote: > 2.4.x kernels support the --bind option to mount which avoids the syslogd yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost out-of-the box chroot solution. > I disagree with the supposed security benefits of disabling

Re: Securing bind..

On Monday 31 December 2001 01:29, Michael D. Schleif wrote: <...> > It is always amazing to me how *intelligent* people try to make their > point by taking other people's words out of context . . . <...> > > http://cr.yp.to/djbdns/faq/axfrdns.html#what i added the URL so i that everyone could look

Re: Securing bind..

On Monday 31 December 2001 03:34, Michael D. Schleif wrote: > Because of that policy there are no precompiled packages of djbdns, because: "You may distribute a precompiled package if - installing your package produces exactly the same files, in exactl

Re: debian install on software raid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 02 October 2002 23:56, valerian wrote: > Does Debian have or plan to provide a method to install directly onto a > RAID device? read this simple text at http://tnt.aufbix.org/linux/raid/ hope it helps - -- "Unix IS user friendly...It'

Re: DNS zone file audit tool

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 31 October 2002 09:37, Emile van Bergen wrote: > Have you also looked at djbdns' dnstrace tool? there is also dlint, dnswalk and dnstracer. there are some online zone checkers: http://zonecheck.ipsec.se/ http://www.ripe.net/cgi-bin/nph

Re: can't find src for bind 9

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 13 November 2002 18:36, Andrew P. Kaplan wrote: > Unable to find the src file for Bind9 at ftp.isc.org checked /isc/bind/src > only found 4.x * 8.x why don't you do it the `debian way` ? apt-get source bind9 - -- "We should not be tryi

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 15:34, Russell Coker wrote: > So this leaves DNS caching as the only reason for BIND. Is there a DNS > server that does caching better than BIND? djbdns/tinydns IS faster, but problem i had with it are the distribution p

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 19:15, Nate Campi wrote: > > djbdns/tinydns IS faster, > Careful with statements like "foo is faster" unless you can back it up. Well... i tried bind 8/9 and djb on same hw (os: linux) and it was faster. I used queryperf (

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 November 2002 23:14, Donovan Baarda wrote: > I am successfuly using pdnsd for DNS caching on; a small network (4 hosts + > 2 dialins) Bigger systems can't afford to change or experiment with sw. OTOH it would also help if clients would

djb and multiple IPs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ave. I have a question about djbdns - can i have one control file for all IP's/interfaces that i have on one system ? - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE92sRLEyTmlrVpUvwRAlUbAKCO8ZbPR9inTZNXHR/NqYSY86OT6wC

djb debian packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If someone wants to give it a try http://smarden.org/pape/Debian/ - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE92spfEyTmlrVpUvwRAkV9AKCqixN8hx2VX23YHml9e0MQ/J3qpQCfXcU2 jvOnH4LrM7WW5snOc0l0EJo= =FvlV -END PGP SIGNAT

Fwd: security.debian.org down

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Forwarded Message -- Subject: security.debian.org down Date: Wed, 20 Nov 2002 10:28:46 +0100 (MET) From: Pieter-Paul Spiertz <[EMAIL PROTECTED]> To: debian-security@lists.debian.org Hi, security.debian.org (aka non-us.debian.or

Re: DNS servers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 20 November 2002 20:43, D. J. Bernstein wrote: > Let's try a concrete example. With djbdns, to authorize clients with IP > address 10.*, you touch /service/dnscache/root/ip/10. With BIND, you > edit named.conf and add something to the all

maradns and multiple IPs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just for info: http://www.maradns.org/faq.html#ips >How do I get MaraDNS to bind to multiple IP addresses? >The current method is to run multiple copies of MaraDNS, each using its own >mararc file. damn. :-/ - -- -BEGIN PGP SIGNATURE- Ver

syslog-ng

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 21 November 2002 02:38, Russell Coker wrote: > Does multilog allow filtering log messages to determine which ones are > worth logging to disk? That's the only feature that I'd like to see in > syslog. Then you might try http://www.balabi

DNS server wishlist

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ave. what i would like from a good dns server: - - (djb dns) speed - - bind zone file compatibility or tools to convert them easely - - sql/ldap/db support - - support for rsync/scp "zone transfer" - - different operations (zone xfr, forwarding) sho

Re: syslog-ng

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 21 November 2002 13:08, Craig Sanders wrote: > IIRC, the last time i looked at syslog-ng, it had no ability to write > log files asynchronously which made it unsuitable for use on heavy-load > servers - e.g. medium to large ISP mail server

Re: spammers using my domain as their "reply-to:"

Thursday 31 of July 2003 15:51, Dale E. Martin > > Is there anything I can do to combat this? depends what "reply-to" addresses they are using. maybe you can block those with some receipent_maps in postfix. i hope you don't use multidrop mailboxes (if you use postfix then also use local_recipi

Re: Dovecot

Tuesday 09 of September 2003 08:55, Adrian von Bidder > > Yep, exactly. Coming from uw-imapd, this is exactly the kind of thing I was > missing. mbox type mail storage ? uh oh... it brings system down when a user with XXX mails opens his mbox. Maildir (courier.) or cyrus mail storage is bett

Re: Sendmail or Qmail ? Postfix!

Monday 08 of September 2003 04:00, Craig Sanders > > difficult to learn, just a PITA and completely unlike any other unix tools, - does not support de-facto logging standard - syslog - does not support CIDR - does not support IPV6 ... > that it is far more important for his programs to be consis

Re: Dovecot

Thursday 11 of September 2003 20:34, Raúl Alexis Betancort Santana > > That could be do better with a Network Distributed FS, like coda, > intermenzzo, GFS, etc. Or use LMTP delivery do "final destination" and have lmtpd run on (multiple) mailbox servers. -- "I'd love to go out with you, but

Re: Mail Queue timeouts

Thursday 23 October 2003 06:12, Lauchlin Wilkinson > > What are other people doing? sticking to RFCs. O:-) i would not lower it under 3daysjust in case the remote mail server brakes on weekend. -- Only a fool fights in a burning house. -- Kank the Klingon, "Day of the

Re: bind9 vs tinydns vs others

Wednesday 03 December 2003 15:36, Marcel Hicking > > To throw into something different: > PowerDNS works fine with MySQL as a backend http://isp-lists.isp-planet.com/isp-dns/0310/msg00048.html short version :) i use nsd for authoritive dns servers and bind9 for recursive. -- -- To UNSUBS

Re: Mail Queue timeouts

Thursday 23 October 2003 06:12, Lauchlin Wilkinson > > What are other people doing? sticking to RFCs. O:-) i would not lower it under 3daysjust in case the remote mail server brakes on weekend. -- Only a fool fights in a burning house. -- Kank the Klingon, "Day of the

Re: bind9 vs tinydns vs others

Wednesday 03 December 2003 15:36, Marcel Hicking > > To throw into something different: > PowerDNS works fine with MySQL as a backend http://isp-lists.isp-planet.com/isp-dns/0310/msg00048.html short version :) i use nsd for authoritive dns servers and bind9 for recursive. --