[K12OSN] OT: /etc/hosts autoupdate

Quentin Hartman qhartman at lane.k12.or.us
Wed May 31 14:56:20 UTC 2006

On Wed, 2006-05-31 at 07:26 -0400, Paul VanGundy wrote:
> 1. Can I have Bind be a secondary DNS and replicate from the primary DNS
> that is installed on the Active Directory server? 

Not sure, it would depend on how MS's DNS replicates its information. I
would guess that it probably would work, assuming MS stuck to the RFCs,
but I've never done it.

> 2. How will this affect my thin clients?

Well, assuming they are still getting their hostnames assigned
correctly, I don't think it would affect them directly at all. Assuming
your routing/firewalling/NAT'ing is set up to allow it, they would be
accessible via hostname from outside the thin-client network, but other
than that, it shouldn't change their behavior. Though again, I have not
ever put my installations into this sort of configuration, so I could be

> 3. What's the difference between BIND and BIND-CHROOT?

BIND-CHROOT installs bind in a "chroot jail", meaning that it is sort of
"trapped" in a sub-section of the system, only allowing it to access the
resources it needs to do its job, and nothing else. It applies the
principle of least privilege that is often used when assigning users
permissions to the bind daemon. It greatly increases security, but it
also introduces a pretty big jump in complexity. Unless your server is
going to be right on the Internet, or some other similarly hostile
environment, I wouldn't bother with it. But then again, it's an
interesting exercise, so if you have the time, it's a worthwhile thing
to become familiar with.

-Quentin Hartman-

Technology Coordinator
South Lane School District
Cottage Grove, OR
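
The point above about a jail holding only the resources the daemon needs can be checked on disk. The script below is an added example, not part of the original message or of the BIND-CHROOT package: it audits a jail directory for setuid/setgid files, world-writable entries and executables. The function names and the demo tree are constructed for illustration, and it assumes the jail should contain only configuration and zone data.

```shell
#!/bin/sh
# Added example: audit a chroot jail tree for entries that weaken confinement.

# audit_jail DIR: prints findings; returns 0 if clean, 1 if findings, 2 on bad input
audit_jail() {
    jail=$1
    [ -d "$jail" ] || { echo "not a directory: $jail" >&2; return 2; }
    findings=$(
        # setuid and setgid files offer a path back to higher privilege
        find "$jail" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID %s\n' {} \;
        # world-writable files, and world-writable directories without the sticky bit
        find "$jail" -type f -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
        find "$jail" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
        # assumption: the jail holds only config and zone data, so executables are unexpected
        find "$jail" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'EXECUTABLE %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_demo_jail: builds a constructed, clean jail tree and prints its path
make_demo_jail() {
    d=$(mktemp -d) || return 2
    (
        umask 022
        mkdir -p "$d/etc" "$d/var/named" "$d/tmp"
        echo 'options { directory "/var/named"; };' > "$d/etc/named.conf"
        echo '; constructed zone file' > "$d/var/named/example.zone"
        chmod 1777 "$d/tmp"      # sticky bit set, so not reported
    )
    echo "$d"
}

# weaken_demo_jail DIR: adds the kinds of problem the audit looks for
weaken_demo_jail() {
    printf '#!/bin/sh\n' > "$1/etc/helper"
    chmod 4755 "$1/etc/helper"               # setuid and executable
    chmod 666 "$1/var/named/example.zone"    # world-writable data
}

# Demo run on the constructed tree: expect three findings and exit status 1.
demo=$(make_demo_jail)
weaken_demo_jail "$demo"
audit_jail "$demo" || echo "audit exit status: $?"
rm -rf "$demo"
```

Against a real installation, pass the jail directory as the only argument to `audit_jail` and review each reported path.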
