Sean Whitney | 1 Sep 2008 01:30

DNS question

I have a webserver / DNS server in my DMZ, which serves up different DNS
results depending on the source.  So external DNS queries to my domain get
my public IP, while DNS queries from my internal network to the server
return the internal DMZ IP address.

What do I need to do to have my local DNS servers (those in my internal
network) look first at the DMZ server for DNS resolution (for these domains)
and if it doesn't return something (say for google) then look on the
Internet.

I don't think this is a forwarder entry in the named.conf file, as this is
what I would do for all DNS resolution.

Or is there another method I should be using?

Sean

-- 
sean.whitney <at> gmail.com
rae l | 1 Sep 2008 03:26

on Linux Kernel Summit and Linux Plumbers Conference 2008

I want to know if there is some special activity about KS2008 and LPC2008,

this year they are both held in Portland,

http://www.linuxfoundation.org/events/kernel

Or will you collaborate with LinuxFoundation stuff?

-- 
Denis ChengRq
Linux Application Developer

High-Tech Industrial Park, Shenzhen, China
Tel: +86 755 2699 3377 -2122
Fax: +86 755 2699 3387
H: www.uitstor.com

"One of my most productive days was throwing away 1000 lines of code."
 - Ken Thompson.
robinson-west user | 1 Sep 2008 03:34

Re: DNS question

On Sun, 2008-08-31 at 16:30 -0700, Sean Whitney wrote:
> I have a webserver / DNS server in my DMZ, which serves up different DNS
> results depending on the source.  So external DNS queries to my domain get
> my public IP, while DNS queries from my internal network to the server
> return the internal DMZ IP address.
> 
> What do I need to do to have my local DNS servers (those in my internal
> network) look first at the DMZ server for DNS resolution (for these domains)
> and if it doesn't return something (say for google) then look on the
> Internet.
> 
> I don't think this is a forwarder entry in the named.conf file, as this is
> what I would do for all DNS resolution.
> 
> Or is there another method I should be using?
> 
> 
> Sean

     // Root server hints.
     zone "."{
           type hint;
           file "db.cache";
     };

Should go in your local view if you are using Bind 9.
The db.cache file is a list of the root nameservers on
the Internet and it needs to be kept up to date.  Your
local and external view should share the same db.cache.
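
The layout described in this reply, sketched as a BIND 9 named.conf fragment. This is an added example, not part of the original post; the 192.168.1.0/24 network, the example.com zone and the db.example.com.* file names are placeholders, and turning recursion off in the external view is an assumption the post does not state.

```conf
// Added illustration (not from the original post). Placeholder values:
// the 192.168.1.0/24 network, example.com and the db.example.com.* files.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

view "local" {
    match-clients { "internal"; };
    recursion yes;              // internal clients may resolve outside names

    // Root server hints: lets this view walk the Internet hierarchy for
    // names it is not authoritative for.
    zone "." {
        type hint;
        file "db.cache";
    };

    zone "example.com" {
        type master;
        file "db.example.com.internal";   // answers with the DMZ addresses
    };
};

view "external" {
    match-clients { any; };     // views are matched in order; keep this last
    recursion no;               // assumption: no open recursion for outsiders

    zone "." {
        type hint;
        file "db.cache";        // same hints file as the local view
    };

    zone "example.com" {
        type master;
        file "db.example.com.external";   // answers with the public address
    };
};
```

Once any view is defined, every zone statement has to live inside a view, which is why the hint zone appears in both.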


Ronald Chmara | 1 Sep 2008 08:38

Re: DNS question


On Aug 31, 2008, at 4:30 PM, Sean Whitney wrote:

> I have a webserver / DNS server in my DMZ, which serves up different DNS
> results depending on the source.  So external DNS queries to my domain get
> my public IP, while DNS queries from my internal network to the server
> return the internal DMZ IP address.
>
> What do I need to do to have my local DNS servers (those in my internal
> network) look first at the DMZ server for DNS resolution (for these domains)
> and if it doesn't return something (say for google) then look on the
> Internet.
>
> I don't think this is a forwarder entry in the named.conf file, as this is
> what I would do for all DNS resolution.
>
> Or is there another method I should be using?

Sounds like a split-horizon situation to me, with the horizon master  
set as the default querying server... only you're adding in a layer  
of *multiple* split horizons, where the DMZ server knows about this  
internal/external situation, but other internal servers are blind to  
this, or only *some* of the servers know the split-horizon results?

Is there some technical reason for running a flock of different DNS  

David Mandel | 2 Sep 2008 05:27

ANNOUNCEMENT: September PLUG Meeting

                            MEETING ANNOUNCEMENT

                       The Portland Linux/Unix Group
                                 will meet
                         7 PM Thursday Sep 4, 2008
                                     at
                         Portland State University
                                   in the
                              Fariborz Maseeh
             College of Engineering & Computer Science Building
                              Room FAB 86-01
                       (This is in the basement.)
          The building is on SW 4th across from SW College Street.
       See location H-10 on map at http://pdxLinux.org/campus_map.jpg

    *******************************************************************

                                PRESENTATION

                    Building Open Source Communities

                                     by

            Selena Deckelmann      and     Gabrielle Roth
         <selenamarie <at> gmail.com>         <gorthx <at> gmail.com>

    Gabrielle Roth and Selena Deckelmann who presented "Running a
    Successful User Group" at OSCON 2008 will be discussing ways
    to build and maintain Open Source Communities.  Their
    emphasis will be in building real in-person communities

Rich Shepard | 2 Sep 2008 15:03

Postfix Linux-only local denial of service (fwd)

   FYI

Rich

-- 
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863

---------- Forwarded message ----------
Date: Tue, 2 Sep 2008 08:52:44 -0400 (EDT)
From: Wietse Venema <wietse <at> porcupine.org>

An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html

Summary:
========
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of
service attack by a local user. There is no breach of data confidentiality
or data integrity. This problem was found by the Postfix author during
routine source code maintenance.

Discussion:
===========
Postfix is an open-source mail transfer agent (MTA) that runs on multiple
types of UNIX systems.  Postfix 2.4 (released 2007) introduces input/output
event handling based on high-performance primitives: BSD kqueue (also
present in MacOS X), Linux epoll, and Solaris /dev/poll.  These implement
more scalable event handling than the older select() and poll() primitives.

Alan | 2 Sep 2008 22:34

Re: on Linux Kernel Summit and Linux Plumbers Conference 2008

On Mon, 2008-09-01 at 09:26 +0800, rae l wrote:
> I want to know if there is some special activity about KS2008 and LPC2008,
> 
> this year they are both held in Portland,
> 
> http://www.linuxfoundation.org/events/kernel
> 
> Or will you collaborate with LinuxFoundation stuff?
> 

There is nothing I know of planned with the local users group community.
The Kernel Summit is invite only via the kernel list.  LPC is expensive
unless you are a student.  Neither group seems interested in user group
participation.  (Unless David knows something I am not aware of...)
Chris Roberts | 3 Sep 2008 02:06

Re: Xubuntu/Thunderbird Outbound Mail

-------- Original Message --------
Subject: Re: [PLUG] Xubuntu/Thunderbird Outbound Mail
From: Rich Shepard <rshepard <at> appl-ecosys.com>
To: General Linux/UNIX discussion and help; civil and on-topic 
<plug <at> lists.pdxlinux.org>
Date: 08/30/2008 02:43 PM

> On Fri, 29 Aug 2008, wes wrote:
> 
>> It's true that mail functionality is not broken, but my point is that you're
>> not likely to break said mail functionality by playing with saslauthd.
> 
> Wes,
> 
>    Somewhere a directory had incorrect permissions.
> 
>> If that is the case, you may want to consider finding another way to
>> authenticate that host.
> 
>    I had not tried to enable SASL authorization until the most recent postfix
> upgrade. Since there is only one affected user, and we had no security
> issues over the preceding years, I just disabled the check.
> 
>    Her mail flows outbound once again and I can use the time for more
> important things ... such as client work.
> 
> Many thanks!
> 
> Rich
> 

Rich Shepard | 3 Sep 2008 02:27

Re: Xubuntu/Thunderbird Outbound Mail

On Tue, 2 Sep 2008, Chris Roberts wrote:

> Since you have disabled it anyway, this is probably of little use, but I
> came across this in the README for SASL:

Chris,

   And I missed this each of the three times I read that file. Guess I didn't
read it as carefully and thoroughly as I thought I did.

> "IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck and
> waits for authentication requests. The Postfix SMTP server must have
> read+execute permission to this directory or authentication attempts will
> fail."

   Well, there we are: I don't have a /var/pwcheck directory.

> From: http://www.postfix.org/SASL_README.html

   I read the .txt file.

Thanks,

Rich

-- 
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863

M. Edward (Ed) Borasky | 3 Sep 2008 04:56

Re: on Linux Kernel Summit and Linux Plumbers Conference 2008

On Tue, 2008-09-02 at 13:34 -0700, Alan wrote:
> On Mon, 2008-09-01 at 09:26 +0800, rae l wrote:
> > I want to know if there is some special activity about KS2008 and LPC2008,
> > 
> > this year they are both held in Portland,
> > 
> > http://www.linuxfoundation.org/events/kernel
> > 
> > Or will you collaborate with LinuxFoundation stuff?
> > 
> 
> There is nothing I know of planned with the local users group community.
> The Kernel Summit is invite only via the kernel list.  LPC is expensive
> unless you are a student.  Neither group seems interested in user group
> participation.  (Unless David knows something I am not aware of...)

Well ... "expensive" is relative. If you live in the Portland area, I
don't think the LPC is expensive. Flying in from Denmark, on the other
hand ... :)

But seriously, I'm going to LPC because I want to hang out with the
folks that do the low-level kernel performance monitoring tools. I'll
take what notes I can. :)