
Re: Change over to anonymous binds



Mon, 2002-08-19 at 00:25, Kurt D. Zeilenga wrote:

> Choosing the name to put in the CN of your server cert
> should be simple.  Choose the fully qualified domain name
> which will return for the client the desired IP address(es)
> of the server and place the certificate.  If there are
> multiple FQDNs, choose the one which you would like the
> users to enter.

Though ... as I wrote, that's o.k. if your host is constantly connected
to the network bearing/served by that domain name. Mine isn't.

This machine is a dialup node with a static IP number (212.238.97.135)
for which I and my ISP have chosen the name billy.demon.nl. My name
server cannot possibly be authoritative for demon.nl.

So if I put billy.demon.nl in my certificate, it constantly wants to go
to the Internet to resolve it.

My workaround was to make certificates with non-qualified cn=localhost
and configure the caching nameserver on the node to be authoritative for
localhost.demon.nl - 127.0.0.1 - which is the answer it would get from
Demon's nameservers anyway (I used to be DNS admin for my firms, with up
to 4 Internet nameservers, for which the zone tables first had to be
approved by the Dutch Internet authority).

Or perhaps someone has a better suggestion? Mine works fine for me :-)

Best,

Tony
 
-- 

Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Phone:		(+31) (0)172 530428
Mobile:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981