To:
dnsop@cafax.se
From:
"J-F C. (Jefsey) Morfin" <jefsey@club-internet.fr>
Date:
Sat, 22 Feb 2003 17:53:36 +0100
In-Reply-To:
<1045846375.1153.209.camel@red>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Why one port?
Truly, why not to define a DNS.2 system on another set of ports, performing DNS+ services? With resolvers.2 to query them. There would be nothing to change. Just value added. There should only be a program to co-produce the DNS1&2 files. Who wants implement them. The interest is that these two DNS parallel systems would be asynchronously managed. So they could immediately permit to check the validity of a response in one by the other. Since 2 would not be in real operations, it could be considered as a test. But in starting with common services with low additional CPU and complexity, DNS.2 could bring some immediate plus. And produce good field test data. However, I suppose the test could go very fast if DNS.2 "tested" the direct support of Unicode names. Also if the user resolvers had their own root file? I am ready to maintain a DNS wish list on dot-root, to see what could be the suggestions? If they do not make sense we will see it quick, otherwise it would give some ideas to chew. jfc On 17:52 21/02/03, Ed Sawicki said: >On Fri, 2003-02-21 at 01:46, Jim Reid wrote: > > >>>>> "Ed" == Ed Sawicki <ed@alcpress.com> writes: > > > > Ed> I want my systems to be as secure from attack as possible. To > > Ed> me, this means never allowing both functions to be provided by > > Ed> the same codebase. > > > > Fine. But by the same reasoning, you wouldn't want to provide both > > functions on the same box. > >I can run both processes in the same computer safely because each >is running as a different non-root user and each is chrooted to >a different place in the file system. If I'm really paranoid, I >can run each in its own Linux virtual machine (UML) - all the while >using only one IP address. > > > Beats changing the whole internet, no? > >I suspect my response to this comment would be unpopular here. > >-- >Ed Sawicki <ed@alcpress.com> >ALC > >#---------------------------------------------------------------------- ># To unsubscribe, send a message to <dnsop-request@cafax.se>. > > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.454 / Virus Database: 253 - Release Date: 10/02/03 #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.