bind

Bret Busby bret at clearsol.iinet.net.au
Fri Feb 25 11:21:29 WST 2000


Christian wrote:
> 
> John Summerfield wrote:
> >
> > > Bret Busby wrote:
> > > > Answers:
> > > > On my computer (RH 5.2) bind-8.1.2-5
> > > > On firewall/gateway (RH 6.0) bind-8.2-6
> > >
> > > Are these DNS servers doing anything useful?  I'll assume the answer is
> > > 'no'...
> >
> > You'd be wrong.

Wrong!  (Not Christian wrong)

> 
> Yeah, you're right -- I could be wrong.  That's why I stated that it was
> an assumption.  Still, it's a fair assumption don't you think?
> 
> 1. As I understand it, the network is a small internal network with a
> dialup connection.  The only use of a DNS server would be a caching-only
> server and, even then, only on the gateway machine.  Therefore my
> assumption has to be at least half right.
> 
> 2. Bret wasn't aware that he was even running the DNS servers... it
> would therefore seem questionable that they are doing anything useful
> (although, of course, someone else may have set them up but they appear
> to have set it up badly considering there is no need for a DNS server to
> be running on the internal workstation).

No, Christian, you were right, on both points.

Your understanding in point one, first sentence waas correct.

We are not using a DNS, for anything useful, and we were not wittingly running
DNS's.

We do not have a permanent connection to the Internet, and we did not wittingly
set up a DNS; we have no need for one, from what we understand.

What we need to do, is disable bind. (We have not got around to doing anything
about it, yet. Hopefully, this weekend...)

I believe the problem was, when we installed Linux on each of the machines, we
were not sufficiently discriminate about what we installed, which goes back to
the original point, which was, I believe, that some distributions by default,
or, without sufficient investigation by the installer, install all kinds of
wondrous packages, of which, not all are needed, and, in this case, as
indicated, that can pose a security risk, if my understanding is correct.

And, for those not already aware, the advice was, and is, appreciated.

-- 

Bret Busby

........................................



More information about the plug mailing list