I need help with IPCop.
Eric Shubert
ejs at shubes.net
Tue Aug 4 09:26:46 MST 2009
Craig White wrote:
> On Tue, 2009-08-04 at 08:10 -0700, Eric Shubert wrote:
>> Once you have a caching nameserver set up on an orange host, any
>> additional servers on the orange subnet can use that resolver as
>> well.
>> You might need to tweak the config a little to allow other machines
>> to
>> query it though - I'm not sure how tight the default configuration is
>> for caching-nameserver.
> ----
> that is probably a bad security risk though if you are careful with
> iptables rules, you can be specific about which hosts are allowed to
> access port 53 (udp/tcp).
>
> Craig
>
>
I don't think the risk would be very high:
.) IPCop wouldn't allow access from outside of the orange subnet.
.) installing chroot-bind reduces the risk as well.
--
-Eric 'shubes'
More information about the PLUG-discuss
mailing list