--- "Miguel A.L. Paraz" <[EMAIL PROTECTED]> wrote:
>>
> The only thing that comes into mind is transaction
> security and other
> crypto extensions to DNS. On the other hand, I
> don't use these right
> now but I plan to use the signed zone transfers and
> resolver queries to
> prevent spoofing.
http://cr.yp.to/djbdns/forgery.html
it's worth the read
>
> Well I admit that BIND is the norm for me because
> I've been using it
> for years and I haven't had the chance to personally
> study the alternatives.
> Teach us then :)
nah i find you people better equiped to teach ( i.e i
find you personally as one of the best I.T. people in
the country ) i'm not kissing your ass i know your
work
:)
( some members of plug already use djbdns )
> Well in my experience BIND 9.1 has been running
> smoothly.
very good then :) if things work smoothly then no need
to try and change anything.
>
> Indeed, well, it's good you bring these up so that
> PLUG folks
> would get a chance to try out djbdns. I could, but
> it's nontrivial
> with our setup.
yeah people should if they have the time (i.e again
some members of plug are already djbdns users )
>
> > put aside DJB's ego and his flames and put your
> > thoughts on his work ( people tend to shy away
> from
> > his work because of his ego )
>
> Actually, I have no problems with his ego or his
> person. It's just that
> I've seen a whole of DJB ware that require you to
> subscribe to his philosophy
> of how Unix tools should work. (e.g. to install
> qmail you need his package X
> and Y instead).
because he wants you to use something better :)
hehe but as qmail wants you to use tcpserver it also
supports inetd and xinetd :)
then again i know your point
This is opposed to say, Postfix,
> another MTA written from
> scratch, but with painless configuration in mind.
qmail is as (painless to configure or install as any
MTA ( i.e i tried postfix a year ago but it did not
appeal to me i was having a hard time configuring it
to use ldap
ofcourse anything new is hard at first ( if you don't
read docs/faqs and other stuff )
>
> If you're a hobbyist or have a small system to
> maintain, you can afford to
> spend a lot of time to tweak your setup. On a
> production system with
> lots of paying customers, ease of use, maintenance,
by the way djbdns is used by the second and third
largest dns servers in the internet i read it
somewhere but i can't remember the url ( hopefully im
not wrong )
visit http://cr.yp.to/djbdns.html read the faq's the
security guarantee blah blah blah it's worth the read
specially if you are not doing anything
> lots of paying customers, ease of use, maintenance,
i dunno i find doing ./add-ns ./add-mx ./add-host
./add-etcblahblah then do a make afterwards easier to
use than editing bunch of files the giving named a hup
or running ndc restart
http://cr.yp.to/djbdns/ad/easeofuse.html
> and trainability for new
> staff comes into play.
> Sometimes, you just have to measure the cost of
> being hacked * the probability
> vs the cost of implementing new ware.
yes ofcourse we all know that being hacked is always
the worst scenario (i.e. tell me what would you do if
the cracker/script kiddy rm -rf / all of your servers?
)
is it as worth as training people to use new ware or
the cost of downtime??
Security isn't just a goal, but an absolute
requirement.
That's
> Management 101 for us free
> software users.
hrmm funny though i thought i was a free software user
djbdns and qmail is free with strict licensing or then
again maybe i am not i should rethink.
-Dek
http://cr.yp.to/djbdns.html ||
http://cr.yp.to/qmail.html
ahh don't mind me im just bored!!!
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
