[svlug] to hosts or not to hosts

Rick Moen rick at linuxmafia.com
Mon Jan 26 20:14:16 PST 2009


Quoting James Sparenberg (james at linuxrebel.org):

> Local DNS allows me to limit DNS crossing my border to specific
> systems and has gone a long way to preventing rootkits.

I assume you mean "has gone a long way towards preventing intrusions
that leave, as one of the lesser aftereffects, rootkits".  (A rootkit
is, as you know, a set of gimmicked software designed to hide the 
intruder's presence and let him/her re-enter if you kick him/her out.)
http://linuxmafia.com/~rick/lexicon.html#moenslaw-security3

I very much agree with you:  I'd _much_ rather run a local recursive
nameserver (the need for a local authoritative server being less
universal), on any size LAN, rather than rely on (e.g.) ISP nameservers,
which as a rule have really bad performance, reliability, and security. 

The slower and more congested that LAN's connection to the rest of the
world, the more performance benefits from running such a nameserver.
Ironically, the people most standing to benefit are, as a rule, the
least inclined to run them.

-- 
Cheers,              Crypto lets someone say "Hi! I absolutely definitely have 
Rick Moen            a name somewhat like the name of a large familiar 
rick at linuxmafia.com  organization, and I'd like to steal your data!" and lots 
McQ!  (4x80)         of users will say "OK, fine, whatever."    -- John Levine 



