Re: More examples of SCO's stunning competence

From: Joe Dunning (joe_at_blahblah.invalid)
Date: 10/31/03


Date: Fri, 31 Oct 2003 18:13:43 GMT

On Fri, 31 Oct 2003 11:39:48 +0100, Kim Petersen <kp@kyborg.dk> wrote:
>Joe Dunning wrote:
>>
>> I showed last week how SCO's IT department had failed to perform a
>> basic security measure when configuring SCO's nameservers (it's since
>> been fixed).
>>
>
>Taking this back to the technical, can you please explain to me (since
>you didn't in the first post) what exactly the security issue here is?

If you look on ISC's web page:
http://www.isc.org/products/BIND/contributions.html
you will see a reference to this paper (in fact it's the FIRST paper
referenced on that page):
http://www.acmebw.com/resources/papers/securing.pdf

Look at the FIRST thing it advises. As I said: standard procedure. If
you think it is wrong, go argue with the author, or go argue with ISC.

Incidentally, I note that some of the nameservers for kyborg.dk restrict
zone transfers -- the nameservers that I think are outsourced?

It seems you manage the nameservers for kyborg.dk, since the contact
in the zone file is "kp.kyborg.dk".

Given that:
1. There is apparently authoritative advice to restrict zone transfers
and
2. there is no reason to not do this,

It would seem that any prudent sysadmin would, in fact, restrict zone
transfers.