Date: Mon, 17 Dec 2001 13:41:04 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: Martin Karlsson <martin.karlsson@visit.se>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: "private" DNS by-passing my ISPs? (Was: Re: /etc/hosts...)
Message-ID: <Pine.GSO.4.31.0112171335110.10975-100000@mail.ilrt.bris.ac.uk>
In-Reply-To: <20011217143137.A13740@foo31-249.visit.se>

On Mon, 17 Dec 2001, Martin Karlsson wrote:

> Any particular pitfalls I should avoid when setting one up? A link to a
> good tutorial? Everything is welcome...

Ironically, http://www.linuxdoc.org/HOWTO/DNS-HOWTO-3.html looks
reasonable.

I'm also given to understand that djbdns works well in this regard; it's
also odds-on to have fewer security concerns than ISC's bind :-/

...which brings up the other issue; if you're going to use FreeBSD's
named then make sure that you keep it up-to-date.

jan

PS. That's the case for any service you expose to the wide world, which
you must do to receive DNS responses. If you're running a firewall, you
could get port 53 to respond only to localhost-originated requests, and
correspondingly ensure that named avoids port 53 to originate its DNS
requests; that might mitigate some potential problems. This is just
being careful; there are no issues that I'm aware of with the named in
-stable (and when they occur, they generally get dealt with quickly).

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Semantic rules, OK?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
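
The named side of the PS above (answer only on loopback, do not originate queries from port 53) can be checked mechanically. This is an added example, not part of the original message or of FreeBSD or BIND: a small Python audit of a named.conf, in which the function names, the loopback-only assumption and both sample configurations are constructed for illustration. The firewall half of the advice is not covered.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}  # assumption: loopback-only resolver

# Constructed sample configurations (not taken from the message).
WEAK = """
options {
    directory "/etc/namedb";
    // old firewall workaround
    query-source address * port 53;
};
"""
HARDENED = """
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; };
    query-source address * port *;   # unprivileged source port
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */
    return re.sub(r"(//|#)[^\n]*", "", text)            # // and # to end of line

def audit_named_conf(text):
    """Return findings for the two named-side points in the PS."""
    conf = strip_comments(text)
    findings = []
    # 1. Which addresses does named accept queries on?
    listens = re.findall(r"\blisten-on(?:-v6)?\b[^{;]*\{([^}]*)\}", conf)
    if not listens:
        findings.append("no listen-on: named accepts queries on every interface")
    for body in listens:
        extra = [a.strip() for a in body.split(";")
                 if a.strip() and a.strip() not in LOOPBACK]
        if extra:
            findings.append("listen-on includes non-loopback: " + ", ".join(extra))
    # 2. Are outgoing queries pinned to source port 53?
    for stmt in re.findall(r"\bquery-source(?:-v6)?\b([^;]*);", conf):
        port = re.search(r"\bport\s+(\S+)", stmt)
        if port and port.group(1) == "53":
            findings.append("query-source pins outgoing queries to port 53")
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_named_conf(conf) or "ok")
```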