tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/etc/rc.d

Tonnerre LOMBARD <> writes:
> On Sat, Aug 08, 2009 at 11:16:16AM -0400, Perry E. Metzger wrote:
>> I suppose I'm not in my right mind, then, and neither are lots of people
>> who care about security in circumstances where no other trustworthy
>> server exists.
>> (As an aside, one wonders where you think people can always get said
>> "other servers" from -- do you imagine that all servers on the internet
>> permit recursive queries from unknown machines? Of course, often there
>> is an untrustworthy ISP server available, which these days is often
>> happy to provide you with the "service" of redirecting you to
>> advertising pages they manage when you "mistakenly" ask for a
>> non-existent A record.)
> Ok, let's talk security then. What do you think your dnssec signature
> generator is going to do if named is started before ntpd?

So don't do that.

Perry E. Metzger      

Home | Main Index | Thread Index | Old Index