[lpi-discuss] WAS: LPIC-1/2 training
jack at monkeynoodle.org
Sun Jul 25 02:10:29 EDT 2004
> One thing I really think is missing in the Freedomware world is an
> "universal OSI level 2+3 name server." We need to get away from the
> Internet DNS server approach and introduce a 100% LAN DNS + DHCP +
> legacy nameserver. That can solve a bunch of issues.
> E.g., Force system naming nomenclatures for key network resources and
> reserve portions of subnets for "static" IPs right in the integrated
> level 2+3 nameserver. That would solve dynamic DNS security issues with
> ease. Also introduce peer nameserver replication, etc... as well as
> remote subnet resource announcements, reducing various strains on
> routers that should be on nameservers, etc... At the same time, you
> could make it 100% BIND v9 compatible, offer DNS secondary servers,
> etc... I am in the middle of a whitepaper.
> Furthermore, you'd protect it just like you would your KDC (Kerberos
> Distribution Center aka "key server") and timeserver. My #1 complaint
> with the integrated ActiveDirectory DC model is that the KDC is easily
> hackable, because it's on a DC offering RPC services. The AD DC model
> also only offers "Windows-only ActiveDirectory-integrated" to resolve
> security issues. Not good for heterogenous networks.
I'm not sure I'm following what you're after, the whitepaper should prove
interesting when it's done. After a cursory read I'm thinking you're
imagining dynamically updated HINFO or TXT records that announce available
I definitely have found the nasty dual name-resolution stuff the number
one capital P problem in Windows networks, so anything that promises to
bring such loveliness back to *nix gets a big thumbs down from me. If it's
not an extension to DNS, I'm not interested.
Jack At Monkeynoodle.Org: It's A Scientific Venture...
"Believe what you're told; there'd be chaos if everyone thought for
themselves." -- Top Dog hotdog stand, Berkeley, CA
More information about the lpi-discuss