[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Remote DNS/MX Records <Security>
- Subject: Re: [cobalt-users] Remote DNS/MX Records <Security>
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Thu Feb 1 05:45:22 2001
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Rodolfo J. Paiz (E-mail)" wrote:
> I've been looking at Webmin (www.webmin.com), Plesk (www.plesk.com) and
> Volution (www.caldera.com) for doing this on non-Cobalt systems. And it
> is my understanding that the RaQ allows this as well. Conclusion, even
> if tentative: if there were any major downsides to this (other than the
> one I mentioned above) we would have heard about it by now.
The issue is to limit users to only be able to change their own DNS, and
also to not put anything into the /etc/named.conf file that will keep
the dns from restarting at all.
If you're absolutely positive you've covered those bases (and be very
careful if you're doing it with scripts running as root), and you've
double tested, triple tested and quadruple tested and made sure no one
can put anything into /etc/named.conf that would cause named to not
restart, then I'd say... go back and check it again.
> A guess as usual, but reasonable for once.
One mistake somewhere, and DNS for your entire customer base goes down.
We're working on scripts to enable safe DNS changes. When we're
satisfied they can't be broken, we'll start working on a web-interface
to them.
When we're sure THAT won't break... well, I should live so long <smile>.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205