On Sunday 30 December 2001 22:58, Russell Coker wrote: > 2.4.x kernels support the --bind option to mount which avoids the syslogd yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost out-of-the box chroot solution.
> I disagree with the supposed security benefits of disabling zone transfers, Why? Do you need the whole zone when you just need to resolve one host or IP ? Do you give away all your personal data when someone asks you for your name ? And this is what djb has to say for zone transfers :-) "Zone transfers are an archaic alternative mechanism for copying DNS information." http://cr.yp.to/djbdns/faq/axfrdns.html#what - > "iptables/ipchains blocks access to port 53 from untrusted IPs " What you can also do with "bogus" option in BIND. Or with ACLs and allow-query. --
