"E.B. Dreger" wrote: > I disagree. Someone could DoS it once every five seconds.
My point was that the secondary would still be running; yes I suppose I overlooked the fact that you could be DoSsed on both primary and secondary servers, but our servers aren't vulnerable. > Run non-vulnerable software. We do run a non-vulnerable (to this exploit anyway <wry grin>) version of Bind, as does everyone else running stock or close-to-stock RaQs through at leat RaQ4; I don't know about the RaQ XTR or the 550. Is there a DNS server for linux you like better? I'm willing to switch <smile> as long as management is both easy and automatable. We host a lot of master and slave DNS for a lot of clients, and I do need to be as secure as possible. > Consider running honeypots. I'm not sure I understand how I'd do that with DNS. We're in the midst of switching now to a system where the master is behind a firewall, and all the published nameservers are slaves, but I don't believe that's security enough. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
