Craig White wrote:
> On Tue, 2009-08-04 at 08:10 -0700, Eric Shubert wrote:
>> Once you have a caching nameserver set up on an orange host, any 
>> additional servers on the orange subnet can use that resolver as
>> well. 
>> You might need to tweak the config a little to allow other machines
>> to 
>> query it though - I'm not sure how tight the default configuration is 
>> for caching-nameserver.
> ----
> that is probably a bad security risk though if you are careful with
> iptables rules, you can be specific about which hosts are allowed to
> access port 53 (udp/tcp).
> 
> Craig
> 
> 
I don't think the risk would be very high:
.) IPCop wouldn't allow access from outside of the orange subnet.
.) installing chroot-bind reduces the risk as well.

-- 
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss