Re: [Sheflug] Any DNS Experts around........

[Gary Stimson <gary [at] xxxxxxxxxxxxxx>]

At 19:34 11/03/03 +0000, Rob Keeling wrote:
> I did wonder about redirecting all outgoing port 25 traffic to our mail
> server, which would solve the mail issue, but still
> leaves the web filtering.
That's a reasonable idea. It means that when users are using the wrong SMTP 
details outgoing email will still work and you don't get helpdesk calls 
from them.

Did you know that Freeserve do this? No matter what you use as a SMTP 
server, Freeserve always proxy the traffic through their own mail servers. 
If all your laptops are on Freeserve try their SMTP settings as your school 
mail server and see whether Freeserve proxies the mail, assuming that you 
can get a DNS lookup for your school mail server on an external network.

Just a note about BIND.. it's terribly designed and security issues are 
always being discovered. You need to do one of:
- Firewall the name server ports so they're not accessible from remote 
hosts when connected thru freeserve. For your purposes, this is probably 
the best.
- Patch BIND when each security update is released.
- Replace BIND with DBJDNS from http://cy.yp.to . When setting up servers, 
one of the first things I do is remove BIND and sendmail, replacing them 
with DJBDNS and QMail from the above address. They're the dog's danglies :-)

Gary

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

 GNU the choice of a complete generation.