Re: Change over to anonymous binds
Mon, 2002-08-19 at 00:25, Kurt D. Zeilenga wrote:
> Choosing the name to put in the CN of your server cert
> should be simple. Choose the fully qualified domain name
> which will return for the client the desired IP address(es)
> of the server and place the certificate. If there are
> multiple FQDNs, choose the one which you would like the
> users to enter.
Though ... as I wrote, that's o.k. if your host is constantly connected
to the network bearing/served by that domain name. Mine isn't.
This machine is a dialup node with a static IP number (220.127.116.11)
for which I and my ISP have chosen the name billy.demon.nl. My name
server cannot possibly be authoritative for demon.nl.
So if I put billy.demon.nl in my certificate, it constantly wants to go
to the Internet to resolve it.
My workaround was to make certificates with non-qualified cn=localhost
and configure the caching nameserver on the node to be authoritative for
localhost.demon.nl - 127.0.0.1 - which is the answer it would get from
Demon's nameservers anyway (I used to be DNS admin for my firms, with up
to 4 Internet nameservers, for which the zone tables first had to be
approved by the Dutch Internet authority).
Or perhaps someone has a better suggestion? Mine works fine for me :-)
The usefulness of RTFM is vastly overrated.
gpg public key: http://www.billy.demon.nl/tonni.armor
Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
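
Added example, not part of the original message or of OpenLDAP's code: a simplified model of the name check a TLS client applies to the server certificate, showing which names a client can enter when the certificate carries cn=localhost or a full FQDN. The function names and the extra sample names are assumptions made for illustration.

```python
# Simplified model of a TLS client's server-identity check (illustration only).
# Assumption: dNSName subjectAltName entries, when present, take precedence
# over the CN; '*' is honoured only as the entire left-most label.

def _name_match(pattern, host):
    """Case-insensitive, label-by-label comparison of two DNS names."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 1:
        # Wildcard covers exactly one non-empty left-most label.
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def server_identity_matches(entered_host, cert_cn, dns_alt_names=()):
    """True if the name the user entered is one the certificate vouches for.

    The comparison is textual: two names resolving to the same IP address
    are still different identities as far as the certificate is concerned.
    """
    candidates = list(dns_alt_names) or [cert_cn]
    return any(_name_match(c, entered_host) for c in candidates)


def report(cert_cn, hosts, dns_alt_names=()):
    """Return {entered_host: 'accept' | 'reject'} for a set of client inputs."""
    return {
        h: "accept" if server_identity_matches(h, cert_cn, dns_alt_names) else "reject"
        for h in hosts
    }


if __name__ == "__main__":
    # Constructed client inputs; the names come from the message above.
    hosts = ("localhost", "localhost.demon.nl", "billy.demon.nl", "127.0.0.1")
    print("cert cn=localhost      ->", report("localhost", hosts))
    print("cert cn=billy.demon.nl ->", report("billy.demon.nl", hosts))
    print("cert with both as SAN  ->",
          report("localhost", hosts, ("billy.demon.nl", "localhost")))
```

With cn=localhost only clients that connect as exactly "localhost" pass the check; a certificate listing both names as dNSName entries accepts either.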