Yeah, that sucks for reasons I don't even want to begin to get into. -----Original Message----- From: Scott Dier [mailto:dieman at ringworld.org] Sent: Saturday, October 21, 2000 3:26 PM To: 'tclug-list at mn-linux.org' Subject: Re: [TCLUG:22990] Services needed Not to mention the licensing scheme he chooses. ... * Austad, Jay <austad at marketwatch.com> [001021 14:37]: > I used to run Bind for my DNS at home, and since I moved I've just been > using granitecanyon.com for my domains instead. If you run bind, you have > to be vigilant in watching security advisories for it, and I'm sure there's > some unpublished exploits floating around for it too. > > If you must run a nameserver, and you want a secure alternative, try Dan > Berstein's djbdns at http://cr.yp.to. However, it's a pain to set up, and > if you want to modify any code, it's not commented at all. You'll spend 90% > of your time trying to figure out what he's trying to do. Dan's a very > ingenious programmer, he just neglects to document anything. There's still > a $1000 reward for finding "any" security holes with it. > > Bind 9 is supposed to be much more secure than Bind 8, but I haven't tried > it yet. I'd be wary of something that 99.9% of organizations have not > adopted yet. It's only been out for a few weeks too. To crackers, finding > an exploit in it isn't worth it yet since no one is using it. > > Jay > > > > -----Original Message----- > From: Jay W. Anderson [mailto:jwanderson at uswest.net] > Sent: Saturday, October 21, 2000 10:11 AM > To: tclug-list at mn-linux.org > Subject: Re: [TCLUG:22990] Services needed > > > On 21 Oct 00, at 9:59, Dave Sherohman wrote: > > > > > Probably wise... (Take a look at exim, too.) > > > OK > > > > DNS (caching or otherwise)? > > > > If you've got your own domain, you'll probably want to run your own > primary > > DNS for it and get Real-Time (or one of the free DNS services) to do > > secondary for you. Just read the DNS-HOWTO; it's not difficult to set up. > > > > > > possibly www & ftp (not anonymous) at some point (apache & one of the > > > ftpd's ) > > > > Yeah, you're probably going to want an httpd, and apache's the tool of > choice > > there. > > > My thoughts as well > > > If you don't want to offer anon ftp and you're running ssh[1], take a look > at > > sftp. It's basically just the ftp protocol run over an ssh connection. > Very > > nice, friendlier than scp, and with all the security of ssh. And it's not > > yet-another-daemon-running-as-root. > > > I'll look into this > > > [1] You've probably heard it from Amy already, but, just in case, here it > is > > from me: DON'T run a telnetd unless absolutely necessary. Run sshd > instead. > > I did know that. But thanks for the reminder. > > Anything eles that I need to think about? > > Thanks, > > Jay > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org > -- Scott Dier <dieman at ringworld.org> #nicnac at efnet http://www.ringworld.org/ finger:dieman at destiny.ringworld.org <CmdrTaco:#kuro5hin> SLSAHDOT IS ALWAYS NEWS FOR NERDS. --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org