TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:22990] Services needed



Not to mention the licensing scheme he chooses.

...


* Austad, Jay <austad@marketwatch.com> [001021 14:37]:
> I used to run Bind for my DNS at home, and since I moved I've just been
> using granitecanyon.com for my domains instead.  If you run bind, you have
> to be vigilant in watching security advisories for it, and I'm sure there's
> some unpublished exploits floating around for it too.  
> 
> If you must run a nameserver, and you want a secure alternative, try Dan
> Berstein's djbdns at http://cr.yp.to.  However, it's a pain to set up, and
> if you want to modify any code, it's not commented at all.  You'll spend 90%
> of your time trying to figure out what he's trying to do.  Dan's a very
> ingenious programmer, he just neglects to document anything.  There's still
> a $1000 reward for finding "any" security holes with it.
> 
> Bind 9 is supposed to be much more secure than Bind 8, but I haven't tried
> it yet.  I'd be wary of something that 99.9% of organizations have not
> adopted yet.  It's only been out for a few weeks too.  To crackers, finding
> an exploit in it isn't worth it yet since no one is using it.
> 
> Jay
> 
> 
> 
> -----Original Message-----
> From: Jay W. Anderson [mailto:jwanderson@uswest.net]
> Sent: Saturday, October 21, 2000 10:11 AM
> To: tclug-list@mn-linux.org
> Subject: Re: [TCLUG:22990] Services needed
> 
> 
> On 21 Oct 00, at 9:59, Dave Sherohman wrote:
> 
> > 
> > Probably wise...  (Take a look at exim, too.)
> > 
> OK
> 
> > > DNS (caching or otherwise)?
> > 
> > If you've got your own domain, you'll probably want to run your own
> primary
> > DNS for it and get Real-Time (or one of the free DNS services) to do
> > secondary for you.  Just read the DNS-HOWTO; it's not difficult to set up.
> > 
> 
> > > possibly www & ftp (not anonymous) at some point (apache & one of the
> > > 	ftpd's  )
> > 
> > Yeah, you're probably going to want an httpd, and apache's the tool of
> choice
> > there.
> > 
> My thoughts as well
> 
> > If you don't want to offer anon ftp and you're running ssh[1], take a look
> at
> > sftp.  It's basically just the ftp protocol run over an ssh connection.
> Very
> > nice, friendlier than scp, and with all the security of ssh.  And it's not
> > yet-another-daemon-running-as-root.
> > 
> I'll look into this
> 
> > [1]  You've probably heard it from Amy already, but, just in case, here it
> is
> > from me:  DON'T run a telnetd unless absolutely necessary.  Run sshd
> instead.
> 
> I did know that.  But thanks for the reminder.
> 
> Anything eles that I need to think about?
> 
> Thanks, 
> 
> Jay
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
> 

-- 
Scott Dier <dieman@ringworld.org> #nicnac@efnet 
http://www.ringworld.org/  finger:dieman@destiny.ringworld.org

<CmdrTaco:#kuro5hin> SLSAHDOT IS ALWAYS NEWS FOR NERDS.

PGP signature