On Monday, November 11, 2002, at 07:22 PM, Jim Tarvid wrote:
1) find a named replacement
djbdns is nice. And fast. And secure. And fast.
DJB writes good code. It is the arrogance I have trouble with.
Do you use openssh? Theo and co. write good code too... Theo's a little on the arrogant side as well.
I don't let an author's attitude sway me from using their product, provided I'm not paying for it. They're providing a free "service", so I allow for a little leniency. Those who know me well know I can be a little short at times.. I'm sure I've been called all kinds of names in my time. I sure hope that doesn't mean they don't use security updates just because I package them. =)
At any rate, I use djbdns because there is nothing better for my needs. I'm confident that it will work, as advertised, all of the time. I've not been let down in over a year now. Since I don't have to deal with DJB in order to use his code, I ignore the fact he can be a little on the... <ahem>.. annoying side.
2) move named to a separate server
3) not start either on boot up and write a script to make sure the zones load properly before starting httpd
4) abandon mandrake as a server OS
Any of these would work, except for the last one. I don't think it's Mandrake that is causing your problem... I've got djbdns running on all three webservers, each with their own local cache, and two of them as DNS servers for the domains I host. No problems at all, and they run, boot up, shut down, etc. all without problems. The servers are all mdk8.2, so I'm quite certain that #4 probably wouldn't make much difference. Moving named to a separate server, or replacing named with something else (<hint>djbdns</hint>) would probably be your best solutions.
I didn't have this problem with 8.2 either. I didn't have this problem until BIND 9.x.
Ok, so in 8.2 you used BIND8, and in 9.0 you're using BIND9, right? The obvious change is BIND8->BIND9. I would suspect if you built BIND8.x from source and put it on your 9.0 box, it would behave as expected.
I took a look at MyDNS and it would fit nicely with my RBL system (which is in MySQL). Now if I could get postfix to log to MySQL I could blacklist on the fly.
Can't postfix do that? Not that I know much about postfix, but I was sure I heard or read somewhere that it could do that already. Could easily be wrong.
That would be worth some effort.
So you use your DNS server for RBL? Neat. I know a fellow locally who has done the same thing using djbdns and qmail... =)
Unfortunately, I haven't pestered him for details so I can't say how easy/hard it would be to do, and it certainly wouldn't involve MySQL at all (which is probably a good thing in the overall scheme of things if performance is a high priority).
--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
