On Sun, Feb 04, 2001 at 04:12:36PM +1100, Duncan Maitland <[EMAIL PROTECTED]> wrote:
> I noted with interest a few betas ago (I think it was beta 2) that the
> "Hostnames and addresses" panel had entries for both internal and external
> IP addresses (and you could set the address to "self" to automatically
> assign the server's IP address - presumably for a dynamic IP situation). Was
> this intended to act as a fully-fledged DNS server, so you could host your
> own DNS records?
No - we have no plans to run a "full" DNS server on the e-smith server and
gateway. The spate of BIND security announcements just reinforce our
opinion in this regard, as well as the requirement of having multiple DNS
for a domain, which is hard to enforce when installing one server.
However, the Hostnames and Addresses panel was written with thought
about the issues involved in split-horizon DNS, and so it will make it fairly
easy for someone to do so if they wish.
> After the recent BIND security alert, was the package upgraded to the latest
> BIND 8 or to BIND 9?
> [...]
The latest BIND8. Although BIND9 is meant to be a drop-in replacement, we
did not have sufficient time to test so as to decide whether to go that way.
> (I haven't yet installed the next release of e-smith,
> so I couldn't find out.) BIND 9.1 has the facility to enable multiple
> "views" of the DNS namespace on different interfaces which would suit such a
> situation as outlined above, where the "Hostnames and addresses" panel would
> enable internal and external addresses to be defined.
Sure, although I am still strongly in favour of running two completely
separate DNS servers if this is your need - one for internal resolution
and one for external resolution. We are seriously looking at djbdns to
replace BIND. For example, it has proper segmentation of the DNS caching
and DNS serving functions, always runs in a chroot() jail without
privelege, and its configuration syntax is very easy to generate.
> [...]
> I'm planning to test it with the multiple "views"
> feature and (when I get the time) try and integrate it into the "Hostnames
> and addresses" panel - I'll keep the list posted on how I go.
Fair enough.
> Also, I just wanted to comment on how much e-smith has improved since I
> started using version 4.0 - thanks to the e-smith team for all the great
> work.
Thank you - we have been busy.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
