[conspire] DNS software (was: corrected to HP LaserJet4M Plus Re: HP LaserJet4 - CUPS lists printer twice)

Don Marti dmarti at zgp.org
Mon Aug 31 06:21:57 PDT 2009


begin Rick Moen quotation of Sun, Aug 30, 2009 at 11:52:36AM -0700:

> As you'll see in my notes, lwresd's unmaintained code since circa 2002.
> I recommend against it.  Which is a pity, because BIND9 + lwresd is one
> solution to a thorny problem:

I just need a recursive nameserver on that box.
Right now it's just set up with "listen-on"
in named.conf.options to deny it to the outside,
but I don't trust visitors not to bring some nasty
malware onto the home network.  I should probably
replace it with dnsmasq or unbound, and free up a
bunch of memory.

> Ultimately, the only real solution may be to IP-alias a second IP onto
> one's machine, so you can have a nameserver of each type able to listen
> to port 53, each on its respective IP.

That also gives you the ability to set up the firewall
rules differently.  Of course if everyone did this
we wouldn't be able to use other people's nameservers
as a poor man's CDN to distribute uuencoded files in
TXT records, but what can you do?

-- 
Don Marti                                 +1 510-332-1587 mobile
http://zgp.org/~dmarti/
dmarti at zgp.org




More information about the conspire mailing list