D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] IPCOP & BIND

 

Gary wrote:
> Yes I fully agree that they should move the DNS service elsewhere -
> in my opinion to a pc sat behind the firewall pc (IPCOP if they must)
> 
There's little point in making a DNS server under IPCOP at all.

> with the same drop in IP config, but with port 53 (DNS) forwarded to
> the internal DNS machine ... I've said this to them until I'm blue in
> the face!!! But exercising political muscle when you have none (even
> though you may have technical muscle); it's nigh on impossible to do!
> If management want, they normally get and don't care about any
> details outside THEIR outline & spec.

Then you would be best advised to retain the current system.

IPCOP isn't intended to run DNS. Running DNS on IPCOP by forcing an
install may have unforeseen consequences on the effectiveness and/or
stability of IPCOP.

The combination of a forced DNS install with IPCOP is certainly going to
be no more stable than Debian stable. IPCOP does not come with DNS for a
reason and if you force it, you aren't really getting IPCOP anymore.

> I'm going to need to fight my corner on this I know ... I just don't
> think I will be listened too ...... and in that case, I just don't
> know what I'll be able to do!

Explain, patiently, that the IPCOP reputation is built on IPCOP's
strengths: A standalone, dedicated, firewall that does nothing else.
That is what IPCOP is good at and that is what the developers envisage
for the installation. IPCOP doesn't even come with partitioning tools
because it expects to get the entire PC to itself. There are good
reasons for all those decisions. The IPCOP reputation is deserved - as
long as you stay within the design expectations of IPCOP itself.

Deviating from the IPCOP design gives you a system with no more
stability, effectiveness or reliability than Debian stable itself.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/


Attachment: signature.asc
Description: OpenPGP digital signature