tech-userlevel archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/etc/rc.d
Tonnerre LOMBARD <tonnerre%netbsd.ch@localhost> writes:
> On Sat, Aug 08, 2009 at 11:16:16AM -0400, Perry E. Metzger wrote:
>> I suppose I'm not in my right mind, then, and neither are lots of people
>> who care about security in circumstances where no other trustworthy
>> server exists.
>>
>> (As an aside, one wonders where you think people can always get said
>> "other servers" from -- do you imagine that all servers on the internet
>> permit recursive queries from unknown machines? Of course, often there
>> is an untrustworthy ISP server available, which these days is often
>> happy to provide you with the "service" of redirecting you to
>> advertising pages they manage when you "mistakenly" ask for a
>> non-existent A record.)
>
> Ok, let's talk security then. What do you think your dnssec signature
> generator is going to do if named is started before ntpd?
So don't do that.
Perry
--
Perry E. Metzger perry%piermont.com@localhost
Home |
Main Index |
Thread Index |
Old Index