bind8, libpcap, tcpdump
dagmar at speakeasy.net
Fri Nov 22 03:04:46 PST 2002
On Tue, 2002-11-19 at 15:35, Steve Wolfe wrote:
> > It's worth noting that to anyone who follows the principle of least
> > privlege to the letter when designing subsystems,
> > ...at the top of the named.conf, add an ACL (access control list) like:
> > ...and in the options section of the named.conf, we add:
> > At the top of our named.conf, we'd be adding a new ACL like this...
> > ...we'd be using an ACL to globally disable zone transfers, and then
> > we'd have a zone entry that looked a bit like this...
> Geez. Imagine a car dealer telling you "No, it won't blow up on you,
> as long as you take these five basic steps to customize the engine...."
Your analogy is woefully incorrect. From where I sit, it's more like
telling people their car will last longer if they avoid driving it into
solid objects or bodies of water. Just because someone _can_ toss
together a five line named.conf does not mean that's the intelligent
thing to do.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security