[lpi-discuss] WAS: LPIC-1/2 training

Jack Coates jack at monkeynoodle.org
Sun Jul 25 02:10:29 EDT 2004


...
> One thing I really think is missing in the Freedomware world is an
> "universal OSI level 2+3 name server."  We need to get away from the
> Internet DNS server approach and introduce a 100% LAN DNS + DHCP +
> legacy nameserver.  That can solve a bunch of issues.
>
> E.g., Force system naming nomenclatures for key network resources and
> reserve portions of  subnets for "static" IPs right in the integrated
> level 2+3 nameserver.  That would solve dynamic DNS security issues with
> ease.  Also introduce peer nameserver replication, etc...  as well as
> remote subnet resource announcements, reducing various strains on
> routers that should be on nameservers, etc...  At the same time, you
> could make it 100% BIND v9 compatible, offer DNS secondary servers,
> etc...  I am in the middle of a whitepaper.
>
> Furthermore, you'd protect it just like you would your KDC (Kerberos
> Distribution Center aka "key server") and timeserver.  My #1 complaint
> with the integrated ActiveDirectory DC model is that the KDC is easily
> hackable, because it's on a DC offering RPC services.  The AD DC model
> also only offers "Windows-only ActiveDirectory-integrated" to resolve
> security issues.  Not good for heterogenous networks.

I'm not sure I'm following what you're after, the whitepaper should prove
interesting when it's done. After a cursory read I'm thinking you're
imagining dynamically updated HINFO or TXT records that announce available
services?

I definitely have found the nasty dual name-resolution stuff the number
one capital P problem in Windows networks, so anything that promises to
bring such loveliness back to *nix gets a big thumbs down from me. If it's
not an extension to DNS, I'm not interested.

-- 
Jack At Monkeynoodle.Org:  It's A Scientific Venture...
"Believe what you're told; there'd be chaos if everyone thought for
themselves." -- Top Dog hotdog stand, Berkeley, CA



More information about the lpi-discuss mailing list