OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: unknown_client_reject_code = 5xx?
From: Bennett Todd (betrahul.net)
Date: Wed Sep 20 2000 - 11:41:14 CDT


2000-09-01-13:23:34 Wietse Venema:
> In that case I could not use dnscache even if I wanted to, since
> I often spend time inside someone's firewalled network.

If you spend time needing to use a recursive resolver on some other
machine, then you can't use dnscache when you're there; when I find
myself in that circumstance, I use the forwarding resolver built
into my libc, and just put the firewall's resolver in my
/etc/resolv.conf.

> It should be possible to configure dnscache to use a trusted
> forwarder.

Not dnscache; it's there for a different job. If you have no
security needs, and just want to cache the data which you presume is
trustworthy from some other recursive resolver, use BIND, or nscd,
or whatever grooves you.

-Bennett


  • application/pgp-signature attachment: stored