SCP speed question

Bill Campbell linux-sxs
Sat Jan 6 10:06:30 PST 2007


On Sat, Jan 06, 2007, Matthew Carpenter wrote:
>On Saturday 06 January 2007 03:08, Bill Campbell wrote:
>> I often use rsync in its daemon mode without ssh for cases where
>> the security of the data isn't critical.  I would rather do that,
>> particularly for things that run from cron, than deal with the
>> issues of ssh keys without proper pass phrases.
>
>Again, I'm failing to see the issues.  Could you explain more?  ssh keys can 
>be created without passphrases for purposes just like this.

Using ssh with rsync permits access to any files/directories on
the remote system, but using rsync modules permits control to
individual directories and may restrict to specific IP addresses
and/or CIDR ranges.  Furthermore, having ssh keys with empty pass
phrases provides links to destination machines in the event that
the machine is cracked.

>> >Doesn't djbdns provide actual DNS zone transfers with IP and/or key-based
>> >restrictions?
>>
>> It does, but it's far easier to basically ``cat'' a bunch of zone
>> files together, and rsync the combined files to secondaries.
>
>Again, that doesn't make sense to me.  Perhaps it gives you more control, but 
>how could it be easier?  I admit, I've only ever used BIND for DNS, so I 
>could be out in left field, but DNS has a propagation (hey there David ;) 
>infrastructure that is made just so that you don't have to do what you're 
>doing.
>
>I'm really not trying to be antagonistic, I just don't understand.

We provide secondary DNS for hundreds of domains, maintained by
several of our ISP customers.  It would be a major PITA for me to
maintain the appropriate files for zone transfers for these
domains.  The ISPs responsible for the primary records push the
djbdns data to our site using rsync when they're updated, and our
routines then process them along with the records for other ISPs
and the domains we maintain locally.

While BIND provides the ability to push from primaries to
secondaries, it doesn't deal with updating the named.conf file
which controls the domains the name server handles.  The djbdns
data files are *MUCH* simpler than BIND's, and it's easy to
manipulate them with simple shell scripts.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

``Anyone who thinks Microsoft never does anything truly innovative isn't
paying attention to the part of the company that pushes the state of
its art: Microsoft's legal department.'' 
   --Ed Foster, InfoWorld Gripe Line columnist
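
The per-directory and per-address restrictions described in this message, sketched as an rsync daemon configuration. This is an added example, not part of the original post and not the poster's own configuration; the module names, paths, user names, uid/gid and addresses are assumptions chosen for illustration.

```ini
# /etc/rsyncd.conf  (constructed example; every name, path and address below is hypothetical)

# Global settings: run transfers as an unprivileged account, confined to the module path.
uid = dnspush
gid = dnspush
use chroot = yes
max connections = 4
log file = /var/log/rsyncd.log
transfer logging = yes

# One module per upstream ISP. A client of this module can reach only
# this directory, unlike an ssh login, which exposes whatever the
# account can read on the remote system.
[isp-a-dns]
    comment = djbdns data pushed by ISP A
    path = /srv/dns-incoming/isp-a
    # Push-only: the client may upload but cannot download or list the module.
    read only = no
    write only = yes
    list = no
    # Single source address. With only "hosts allow" set, all other clients are rejected.
    hosts allow = 192.0.2.10
    # Per-module credentials, separate from any system account or ssh key.
    auth users = ispa
    secrets file = /etc/rsyncd.secrets
    strict modes = yes
    # Refuse client-requested deletion of files already on the receiver.
    refuse options = delete

[isp-b-dns]
    comment = djbdns data pushed by ISP B
    path = /srv/dns-incoming/isp-b
    read only = no
    write only = yes
    list = no
    # A CIDR range instead of a single address.
    hosts allow = 198.51.100.0/24
    auth users = ispb
    secrets file = /etc/rsyncd.secrets
    strict modes = yes
    refuse options = delete
```

The daemon protocol does not encrypt the data in transit, which matches the post's condition that it is used where the security of the data isn't critical.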


