"sysquery" error
Larry Sheldon
lsheldon at creighton.edu
Thu Dec 14 15:58:45 UTC 2000
> On Wed, Dec 13, 2000 at 09:01:52PM -0600, Larry Sheldon wrote:
> > This is the first time (as far as I can remember--certainly the first
> > time I have understood) the harm that might be done. As I said, I've
> > tried listing them all, listing only the registered ones, and most
> > of the numerically possible combinations in between.
>
> Suggestion: limit yourself to two at your site that are unlikely to be
> down at the same time. Have the off-site three treat both as
> "masters". List all 5 in NS records. Make sure that the eduNIC has
> the exact same information (the 5).
I thunk that is what I have now.
> > I'm not sure what the "In fact . . . " sentence is saying. I am of the
> > opinion that every machine that will support a name server along with
> > what ever it does for a living is a happier machine and its neighbors
> > on the network will be happier about it as well (especially for the
> > machines whose work is mostly intra-domain). Am I wrong there
> > too? And I'll need some help understanding that as well.
>
> There are Organisations that require that a name server machine run no
> other network services. This is to prevent a name server from being
> subverted by the machine being "owned" by a hacker/cracker coming in
> via another service. While these Organisations are in the business of
> being professionally paranoid, there is some benefit in considering
> this scenario.
We don't have staff enough to do that--the primary doesn't have anything else
running on it to speak of, but all of the rest are machines-with-a-job that
run a nameserver (supposedly) for there own benifit.
> Machines running unlisted name servers to cache lookups for their own
> benefit are another matter. They may or may not be helpful. It
> depends on whether the pain of doing a network lookup is slower than
> the slowdown induced by having a memory hog like 'named' co-resident in
> memory. Often the network lookup can be faster!
That is an interesting observation. At one time the network was so congested
that taking any traffic off of it was a Good Thing, but I ought to revisit
to see if I still think that.
--
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
. .
- L. F. (Larry) Sheldon, Jr. -
. Unix Systems and Network Administration .
- Creighton University Computer Center-Old Gym -
. 2500 California Plaza .
- Omaha, Nebraska, U.S.A. 68178 Two identifying characteristics -
. lsheldon at creighton.edu of System Administrators: .
- 402 280-2254 (work) Infallibility, and the ability to -
. 402 681-4726 (cellular) learn from their mistakes. .
- 402 332-4622 (residence) -
. http://www.creighton.edu/~lsheldon Adapted from Stephen Pinker .
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
More information about the bind-users
mailing list