How to test if your caching nameserver is vulnerable to recently hot cache poisoning issue:
dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT
Example:
$ dig @192.168.1.254 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"
PXE is a well known and widely used in some enviroments. I’m quite often playing with some servers, testing, installing various things, reflashing firmwares etc. Usually that was done with PLD RescueCD on a CDRW medium, (Free)DOS images/isos etc. Unfortunately burning different stuff over and over is annoying. How to do something nice and usable?
Default apache running from one UID/GID isn’t too secure. Users can look into all virtuals hosted on server. No one can stop them if PHP/CGI is allowed.
One of solutions of this problem is to run PHP as CGI. With suexec this will allow to run PHP under certain UID/GID. Unfortunately running PHP as CGI slows things down. FastCGI comes with help here.