feedback on a good DNS server - FreeBSD

  1. #1

    feedback on a good DNS server

    I am looking into setting up a DNS server on our network using an
    existing FreeBSD box. I have been looking around and reading comments
    on different DNS servers out there but everyone has mixed feelings. I
    know someone who uses BIND and is happy with it .. is there any reason
    why BIND wouldn't be a good choice? All I need is to have DNS running
    on a webserver so we can host our site internally...any feedback on
    this setup and/or DNS server is appreciated

    Thanks in advance
    sn1tch Guest

  2. #2

    Re: feedback on a good DNS server

    I believe Bind is still included with the base FreeBSD OS. I've used it in
    the past and never had any problems with it. As always, YMMV.

    --
    Ean Kingston
    E-Mail: ean_AT_hedron_DOT_org
    PGP KeyID: 1024D/CBC5D6BB
    URL: http://www.hedron.org/


    Ean Guest

  3. #3

    Re: feedback on a good DNS server

    --On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston
    <org> wrote:
    >
    > I believe Bind is still included with the base FreeBSD OS. I've used it in
    > the past and never had any problems with it. As always, YMMV.

    If you're concerned about security, BIND has had a large number of security
    problems. DJBDNS is in /usr/ports/dns/ and it's very easy to set up and
    very easy to use. More responsive than BIND as well, and you don't have to
    figure out the esoteric syntax that BIND requires.

    Paul Schmehl (edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu
    Paul Guest

  4. #4

    Re: feedback on a good DNS server

    Paul Schmehl wrote:

    >> I believe Bind is still included with the base FreeBSD OS. I've used
    >> it in the past and never had any problems with it. As always, YMMV.
    >
    > If you're concerned about security, BIND has had a large number of
    > security problems. DJBDNS is in /usr/ports/dns/ and it's very easy to
    > set up and very easy to use. More responsive than BIND as well, and
    > you don't have to figure out the esoteric syntax that BIND requires.

    "Has had" being the operative phrase - that would be bind 4 and bind 8 -
    bind 9 which is a rewrite has a pretty solid record - also in the ports
    tree.

    The argument against DJBDNS comes down to a) DJB annoys a lot of people
    and b) some of those people think DJBDNS is not standards compliant.
    This argument is about as accurate as the "bind not secure" argument -
    they both may have a grain of truth in the past.

    The DNS discussion is a lot like the Linux vs BSD discussion - it's a
    religious issue (strongly held views not always supported by facts)

    John
    John Guest

  5. #5

    Re: feedback on a good DNS server

    On Wednesday 09 March 2005 04:00 pm, John Pettitt wrote:
     

    Erm, "b" is definitely true. It doesn't support IXFR or NOTIFY, so if you
    plan on slaving another zone (or having another server slave one of your
    zones), then you're expected to install rsync and get your peer to do the
    same. Oh, and c) djbdns isn't Free or Open Source by any definition of
    either phrase. That's not important to some people, but others consider it
    kind of important.
    --
    Kirk Strauser

    Kirk Guest

  6. #6

    Re: feedback on a good DNS server

    > Oh, and c) djbdns isn't Free or Open Source by any definition of  

    Dan has given explicit permission to read, compile, modify and use
    the source code of djbdns. The only restriction is that you may not
    distribute any modified code (enterprising people could modify and
    distribute the source with deliberately placed bugs in order to try
    to claim the djb 'Security Guarantee' - at least that's the theory).

    http://cr.yp.to/distributors.html

    Mark

    --
    PGP: http://www.darklogik.org/pub/pgp/pgp.txt
    B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1

    markzero Guest

  7. #7

    Re: feedback on a good DNS server

    On Wed, Mar 09, 2005 at 02:00:50PM -0800, John Pettitt wrote:

    BIND 9 is not only in the ports tree, it's the default bundled with
    FreeBSD 5.x:


    % dig localhost version.bind CHAOS TXT

    [...]

    ;; ANSWER SECTION:
    version.bind. 0 CH TXT "9.3.0"

    But, more to the point, running the stock BIND in a chroot jail is
    completely automatic nowadays. All you need do is put
    'named_enable="YES"' into /etc/rc.conf.

    Performs well enough to serve typical home uses no problem. Bind
    9.3.1 is on the horizon, and I hear that the plan is to build that
    threaded by default, which will improve responsiveness for more
    demanding environments.

    Cheers,

    Matthew

    --
    Dr Matthew J Seaman MA, D.Phil. 8 Dane Court Manor
    School Rd
    PGP: http://www.infracaninophile.co.uk/pgpkey Tilmanstone
    Tel: +44 1304 617253 Kent, CT14 0JL UK

    Matthew Guest
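
The two checks mentioned in post #7 (asking a server for version.bind, and confirming named_enable in /etc/rc.conf) written as POSIX sh helpers. This is an added example and not part of anyone's post; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; every sample input below is constructed, not captured.

# Read `dig <server> version.bind CHAOS TXT` output on stdin and print the
# version string the server disclosed (prints nothing if it returned none).
bind_version_from_dig() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && tolower($1) == "version.bind." && $3 == "CH" && $4 == "TXT" {
            if (match($0, /"[^"]*"/)) print substr($0, RSTART + 1, RLENGTH - 2)
            exit
        }
    '
}

# Print the effective value of rc.conf variable $1 from stdin. rc.conf is
# sourced as shell, so the last uncommented assignment wins.
rc_conf_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# Succeed if named_enable is on, using the YES/TRUE/ON/1 values rc scripts accept.
named_is_enabled() {
    case "$(rc_conf_value named_enable | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|ON|1) return 0 ;;
        *)             return 1 ;;
    esac
}

sample_dig() {
    cat <<'EOF'
;; ANSWER SECTION:
version.bind.   0   CH   TXT   "9.3.0"

;; Query time: 1 msec
EOF
}

sample_rc_conf() {
    cat <<'EOF'
# named_enable="YES"
named_enable="NO"
sshd_enable="YES"
named_enable="yes"   # re-enabled later in the file
EOF
}

echo "disclosed version: $(sample_dig | bind_version_from_dig)"
if sample_rc_conf | named_is_enabled; then echo "named_enable: on"; else echo "named_enable: off"; fi
```

On a live host the same functions take `dig localhost version.bind CHAOS TXT` and `cat /etc/rc.conf` as input; an empty result from the first means the server did not disclose a version string.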

  8. #8

    Re: feedback on a good DNS server

    On Wednesday 09 March 2005 22:22, you wrote:
     

    From http://www.qmail.org/not-open-source.html:

    "For a program to be "open source", you must be able to, among other
    things, change the source and redistribute it. DJB prohibits
    distribution of modified code and so programs which are so-licensed are
    not open source."

    In other words, people who aren't the Free Software Foundation or OSI also
    agree that Dan's license isn't an Open Source license. As I said, though,
    whether that's good, bad, or irrelevant is up to the administrator. It's
    just something that many people aren't aware of but would be interested in.
    --
    Kirk Strauser

    Kirk Guest

  9. #9

    Re: feedback on a good DNS server

    > > Dan has given explicit permission to read, compile, modify and use 
    >
    > From http://www.qmail.org/not-open-source.html:
    >
    > "For a program to be "open source", you must be able to, among other
    > things, change the source and redistribute it. DJB prohibits
    > distribution of modified code and so programs which are so-licensed are
    > not open source."
    >
    > In other words, people who aren't the Free Software Foundation or OSI also
    > agree that Dan's license isn't an Open Source license. As I said, though,
    > whether that's good, bad, or irrelevant is up to the administrator. It's
    > just something that many people aren't aware of but would be interested in.

    Good point.

    I suppose it's also a matter of the definition of 'Open Source'. For me,
    open source equates to 'I can read the code to see if it's trustworthy
    and can compile it so I know that I got what I read' but you're right,
    it doesn't pass the 'official' definition.

    Mark

    --
    PGP: http://www.darklogik.org/pub/pgp/pgp.txt
    B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1

    markzero Guest

  10. #10

    Re: feedback on a good DNS server

    sn1tch writes:
     

    BIND works great for me on my little LAN.

    --
    Anthony


    Anthony Guest
