Craig White wrote:
> On Tue, 2009-08-04 at 08:10 -0700, Eric Shubert wrote:
>> Once you have a caching nameserver set up on an orange host, any
>> additional servers on the orange subnet can use that resolver as
>> well.
>> You might need to tweak the config a little to allow other machines
>> to
>> query it though - I'm not sure how tight the default configuration is
>> for caching-nameserver.
> ----
> that is probably a bad security risk though if you are careful with
> iptables rules, you can be specific about which hosts are allowed to
> access port 53 (udp/tcp).
>
> Craig
>
>
I don't think the risk would be very high:
.) IPCop wouldn't allow access from outside of the orange subnet.
.) installing chroot-bind reduces the risk as well.
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)