To: Ed Sawicki <ed@alcpress.com>
Cc: Kandra Nygårds <kandra@foxette.net>, dnsop@cafax.se
From: Brad Knowles <brad.knowles@skynet.be>
Date: Sat, 22 Feb 2003 23:22:33 +0100
In-Reply-To: <1045855468.1155.247.camel@red>
Sender: owner-dnsop@cafax.se
Subject: Re: Why one port?

At 11:24 AM -0800 2003/02/21, Ed Sawicki wrote:

>  Many people are using /28 and /29 nets and some have only a single
>  IP address assigned to them by, in some cases, the only ISP in town.
>  Yet, they want to take control of their DNS _and_ not be prone to
>  attacks such as cache poisoning. Why should they be forced to use
>  up two precious or non-existent IP addresses when the limitation
>  is really artificial?

	In that case, they can run a recursive resolver on 127.0.0.1 and 
the authoritative server on their officially assigned IP address. 
Just because they've got only one officially assigned IP address 
doesn't mean that they can't run both a caching recursive resolver 
and an authoritative server on the same box.

	I still recommend separating the services and running them on 
separate machines (where possible), but you can run two copies of the 
nameserver on the same machine, each listening to different IP 
addresses.

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
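
Added example, not part of the original message: a Python check that the split described above holds, by reading the RA (recursion available) and AA flags in each listener's reply, so that 127.0.0.1 offers recursion and the public address does not. The address 192.0.2.53, the helper names and the sample replies are constructed for illustration.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qid=0x1234):
    """DNS query for name, type A, class IN, with Recursion Desired set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(response):
    """Role a server reveals in one response, read from the header flags."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    if flags & RA:
        return "recursive"
    return "authoritative" if flags & AA else "non-recursive"

def probe(addr, name, timeout=2.0):
    """Live check: send the query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (addr, 53))
        return classify(s.recvfrom(4096)[0])

def audit(observed):
    """observed: {listen address: role}. Returns listeners that break the split."""
    problems = []
    for addr, role in observed.items():
        loopback = addr.startswith("127.")
        if loopback and role != "recursive":
            problems.append((addr, "loopback resolver does not offer recursion"))
        if not loopback and role == "recursive":
            problems.append((addr, "public address offers recursion"))
    return problems

def sample(flags):
    """Constructed response: the query with its flags word replaced."""
    q = build_query("example.com")
    return q[:2] + struct.pack("!H", flags) + q[4:]

# Constructed replies; 192.0.2.53 is a documentation address, not from the post.
GOOD = {"127.0.0.1": classify(sample(QR | RD | RA)),
        "192.0.2.53": classify(sample(QR | AA | RD))}
BAD = {"127.0.0.1": classify(sample(QR | RD | RA)),
       "192.0.2.53": classify(sample(QR | RD | RA))}
```

Against a running pair of servers, build the `observed` mapping with `probe()` using a name outside your own zones for the public address; a reply with RA set there means the authoritative instance is also recursing.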