[H-GEN] problems with accessing mail at bigpond

Robert Brockway robert at timetraveller.org
Sun May 5 23:16:26 EDT 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Mon, 6 May 2002, Greg Black wrote:

> | If I've delegated a domain recently, I might like to check how propogation
> | is going on remote servers. Granted within 48 hours it should have all
> | happened :)
> 
> Honestly, I don't see this as a legitimate case.  Although

It's still nice to see all is well :)

> | Imagine dual masters with differing views of the
> | zone with no (or imcomplete) network diagrams.  Usually along the lines of
> | internal/external servers - but not a proper split dns.
> 
> This only happens when handled by incompetent admins.  The

I agree.  There are many people who screw dns royally.  I am aware of dns
setups such as the one I mention above in _big_ organisations where the
admins should just know better.  These organisations shall go nameless
to protect the guilty.

Unfortunately in at least one major case I am not in a position to fix it,
but am stuck trying to deal with broken dns from the sidelines :(

> solutions are obvious.  Getting a full, correct, set of DNS
> records is simple, if tedious, grunt work.

And it runs so smothly when setup properly :)

> My reasons are a desire to avoid waste of my bandwidth (as
> previously mentioned), a desire to reduce my exposure to
> possible exploits in name servers, and a desire to avoid being
> sued if my name servers are implicated in a DoS attack of the
> type mentioned in the reference Mark posted where name servers
> can be used to amplify an attack.

I haven't read this yet but will be looking at the article with great
interest.

> I'm not arguing that people should stop using BIND -- the pain
> would be too great for many large installations.  But I do
> strongly advocate that they lock it down as tightly as possible
> before it bites them and that they do not offer general name
> service to outsiders under any circumstances.

It's been an interesting discussion.  I'll be reading the article Mark
posted but you guys might just have convinced me :)
Cheers,
	-Rob

-- Robert Brockway B.Sc. email: robert at timetraveller.org  ICQ: 104781119
   Linux counter project ID #16440 (http://counter.li.org)
   blake: up 116 days, 11:41, 10 users,  load average: 1.00, 1.00, 1.00
   "The earth is but one country and mankind its citizens" -Baha'u'llah


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list