What I do is set up all of the AD domains with .local and use forwarders that point to real DNS servers to resolve anything that isn't on the local network. Like everything else Microsoft related, the MS version of the technology is there to let the MS boxes talk to each other. When you want your boxes to go play in the real world, it is best to hand that responsibility over to something running *nix. That is precisely what we did, right down to using .local. To be fair to the Windows guys, I am not all that familiar with Active Directory and other critical Windows networking systems. I keep to the Unix systems, they keep to the Windows systems. Works wonderfully.
If you're configuring BIND9 and TSIG and screw up, then the worst case scenario is that it's buggy or you screw it up and an attacker can fiddle with your DNS data. If you're configuring djbdns + SSH, then the worst case scenario is that sshd or tcpwrappers has a bug or you screw it up and that gives attackers access to your entire host, including the DNS data. Actually, both scenarios lead to the same worst case: potential root access. With both BIND and djbdns -- or pretty much any program that binds to a well-known port -- you are at the mercy of that process switching to the correct set of privileges.
Of course, djbdns could come with some special scripts to implement well-tested solutions.
IXFR (incremental transfer) is for when you have 10,000 dynamic DNS clients making changes to your zone file, and you need to propagate those changes to your slaves in realtime. Ideally, this won't require sending the whole zone file each time or wiring a trigger to fire off rsync every time an update is made. This is used very commonly in corporate setups where DHCP gives out IPs and hostnames to clients, or at least that's how we use it in conjunction with Active Directory. The Windows admins I've encountered are hopeless when it comes to DNS (blaming every strange issue they encounter on DNS, for example). Best current practice over here is to never have Active Directory and public DNS interact. The Windows types can break Active Directory all they want, and the real DNS service is managed by people with a clue. In that case, djbdns would be a good solution. Are you suggesting that we switch to BIND?
I was soliciting input from people who know what they are talking about, not from today's lets-bash-x crowd.
How many DNS servers lack SSH set up for unattended connections to remote servers, either by using password authentication, passwordless RSA keys, or ssh-agent? Hopefully all of them. SSH supports binding a key to a command in .ssh/authorized_keys. Also supports IP matching too.
Well, except for the ones running djbdns. Looks like you can get djbdns to do AXFR, too.
Actually, nothing got the United States more focused than the Soviet bomb. I submit that the United States would not have "started World War III" under those circumstances.
I mean, I'm too lazy to search for the actual data right now, but let's say an airplane cruises at a generous 1000 km/h, which is transonic or close enough. Let's say you travel 1000 km with it. Not a long trip, to be sure, but also high enough for many people to take a plane anyway. Ok, so that plane would spend only 1 hour in the air. From my experience with air travel, however, you're not getting much change out of 3 hours for that trip, once you factor in all the inconveniences of modern air travel. So a train would only need a bit over 300 km/h to compete with that. It's feasible. It isn't just hypothetical. Boston to New York commuters are best served by the high speed (well, 150 MPH) train linking the two cities, and it has the added advantage of putting you on the correct island in New York too.
Given that GPS satellites are succinctly described as "iPods connected to atomic clocks," it seems incredible that the next generation of GPS satellites would be unable to playback the (perhaps intentionally crippled) signal that it was told to broadcast. Got a link for your claim?
Texas is going to execute a man for being an accomplice to a murder. He was 80+ ft away when it happened and it wasn't planned (robbery). That is still felony murder, unless you can elaborate more on the specifics of this case.
I tried to run Freenet. I'm sorry to say that it was too much of a resource hog. Granted, my computer is old. But Entropy works much better than Freenet on it.
What the Java-types need to realize is, in spite of Moore's law, computer power is not limitless. In Freenet's case, there are definite performance issues that have a real impact on its usability.
The obvious solution is to have two sets of plumbing. One for drinking water, and one for waste. The water in my toilet may as well be rainwater; it doesn't have to be freshwater. The hot water that I run the entire time I am shaving to keep the washcloth and blades warm could also be rainwater. I could wash my face with rainwater, as long as I have soap.
I believe they are doing just that in Homestead, Florida.
Most likely a significant percentage of their income comes in through credit cards and having Visa or MasterCard blacklist them would be something that would impact them deeply so when their investigator starts poking into things they'll pay attention.
I speculate that it is highly unlikely that MasterCard or Visa will blacklist the merchant. As long as they can grab the amount in dispute and their $20-$40 non-refundable "dispute fee," they are happy.
I'd like to not speculate and actually cite something. Unfortunately the exact rules that govern chargebacks in MasterCard and Visa are kept secret, even from merchants.
You can sue the company in your state; you do not have to go to whichever state they are in.
If the customer agreed to a particular forum (court for X county, Y state) by agreeing to the terms of the deal, then that is that.
However, the potential litigant suing a fly-by-night registrar can probably get away with this. Settlement is cheaper than hiring a lawyer to file a motion to dismiss.
Whether the US has jurisdiction is a matter of fact. Either they do or they don't and it's based on such factors as the locations of both parties to the case. If the fact is that Spamhaus is not in US jurisdiction then their acceptance of US jurisdiction (which, according to the facts, never existed) means diddly squat (or should mean diddly squat).
Actually, it is a matter of law.
If I sign a contract with you which leaves me open to be killed by you, it means nothing. The right to life cannot be given up.
This analogy is off the mark by a wide margin.
Likewise the right to stay out of the jurisdiction of a court by the fact that you're outside its geographical jurisdiction should trump any statements made or actions taken previously.
So if I kill someone (an action), plead guilty to it (a statement in court), then flee and stay out of the court's jurisdiction, it is okay? What sort of a bizarre view of the world is that?
Finally some stories are kicking in that the balance is being pushed in favour of consumers instead of the other way.
I don't know about the United Kingdom, but here in the United States it is easy to dispute a charge with MasterCard or Visa. You don't even have to make any effort to return the merchandise. They will allow you to keep the merchandise and the money; this money is taken from the merchant along with a $40 "chargeback fee." "Consumers" exploit this for fraudulent purposes, driving up the costs for everyone.
I think it is entirely reasonable that consumers return merchandise they are not happy with.
# required the consumer to notify Dell of any errors in its confirmation of the consumer's order immediately
You'd expect this anyway; if they refuse to help then cancel because it is within your cooling off period.
"Cooling off periods" are normally applicable in different circumstances. For example, a door-to-door salesman pressures you into buying new siding for your house one day. It is normally not applicable when you contact a vendor to make a purchase. None of this would excuse Dell from ignoring a customer's efforts to correct order errors, of course.
VeriSign has taken over www.lksdjglkjdslkjg44.com! This infringes on my trademark, which I have been using since 21:31 EDT. Unless VeriSign transfers that domain to me, for free, I'll sue!
I was not bashing Windows, just stating that our crop of Windows admins seem to be flustered by DNS.
Your concerns are valid, but how many DNS servers lack ssh access in the real world?
Have you read his comment?
Bear in mind that Homestead, Florida was more or less rebuilt from scratch after Hurricane Andrew in 1992.
With all the talk of conspiracies and dirty dealings, I'm surprised no one has yet brought up the topic of alien coverups.
As stated repeatedly, Spamhaus implicitly accepted jurisdiction when they had the case moved from state court to federal court.
Any reference to current and past suits against Google?
Help!
VeriSign has taken over www.lksdjglkjdslkjg44.com! This infringes on my trademark, which I have been using since 21:31 EDT. Unless VeriSign transfers that domain to me, for free, I'll sue!
This sounds similar to the dial-up modem tax rumor of the early 1990s. Is there any truth to this, or are we going to panic for no reason again?
The typical college student will keep too much crap in their Crapper Keeper to be organized. A note not found is a note lost.
"Doctor, it hurts when I do this." "Well, don't do that then."