I don’t think so. From: Adam Moffett via Af Sent: Friday, October 03, 2014 8:34 AM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
It may be 9.8.2 with security fixes backported from later versions. I would disagree, didn’t Steve say the latest he updated to was 9.8.2? https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few versions old. With all the DNS amplification attacks and these zero day exploits coming out all the time, I’d want to be pretty current, plus I believe 9.10 gives you RRL in your toolbox to deal with attacks although I’ll admit I haven’t had time to experiment with it. From: Mike Hammett via Af Sent: Friday, October 03, 2014 6:10 AM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus The server based distributions like CentOS\RHEL and Debian generally are close to current regarding security updates even if they don't have the latest version. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ------------------------------------------------------------------------------ From: "Ken Hohhof via Af" mailto:af@afmug.com To: af@afmug.com Sent: Thursday, October 2, 2014 5:30:01 PM Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus You need a named.conf that defines the slave zones and the IP address of the master. But first step is to download/compile/install the latest version of BIND, it’s actually quite easy. I doubt you can get the version you want via yum update because CentOS is based on RHEL which is always a few steps behind. Given the DNS attacks, you want the latest BIND. You might then want to lock out the package from being updated by yum. From: That One Guy via Af Sent: Thursday, October 02, 2014 4:36 PM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus So Im at a new Centos with webmin fresh bind install. We have one master, one slave server I have never set up bind, this was done before me. If I were to take down the old slave server and bring this one up on its IP will the master update this one, or is there a config I need to move over. Im more comfotable doing the slave first. These are all webmin, but the original is ubuntu and the new is centos On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af <af@afmug.com> wrote: I always install CentOS bare bones …. “minimal server” is what the installation will call it. This way you can install whatever you like after installation and not worry about removing many dozen packages you don’t need… Just my preference anyways…. From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy via Af Sent: Thursday, October 02, 2014 2:24 PM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus 2 questions in this 1. when running through the current centos installation, what do i select for the server type, for powercode it says select basic server 2. is there a guide for building dedicated centos servers based on server purpose? I assume there are packages I dont need to install if its only got this purpose On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af <af@afmug.com> wrote: CentOS+BIND+Webmin J I can’t remember but Usermin might be the part you’re looking for specific to users updating their own DNS….. From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy via Af Sent: Thursday, October 02, 2014 1:21 PM To: af@afmug.com Subject: [AFMUG] DNS server for guys who dont want to be gurus Is there a good, simple package for locally hosted DNS Servers for people like me who dont want to get too far into managing the linux at a granular level? we are used to the webmin interface. It would be nice if it had the option to set up client accounts for some clients to manage their own DNS but not view others, but thats in no way a deal breaker -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
