Craig White wrote: > On Tue, 2009-08-04 at 08:10 -0700, Eric Shubert wrote: >> Once you have a caching nameserver set up on an orange host, any >> additional servers on the orange subnet can use that resolver as >> well. >> You might need to tweak the config a little to allow other machines >> to >> query it though - I'm not sure how tight the default configuration is >> for caching-nameserver. > ---- > that is probably a bad security risk though if you are careful with > iptables rules, you can be specific about which hosts are allowed to > access port 53 (udp/tcp). > > Craig > > I don't think the risk would be very high: .) IPCop wouldn't allow access from outside of the orange subnet. .) installing chroot-bind reduces the risk as well.
-- -Eric 'shubes' --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
