We are running Centos6 with bind9.9 currently.
On 10/03/2014 08:46 AM, Josh Baird via Af wrote:
Yeah. RHEL/CentOS backport security patches. To quote myself from a
previous email in this thread:
CentOS doesn't have the latest and greatest packages because it's
upstream is RHEL. This is the nature of "enterprise linux." They
don't have major package revisions during the entire lifecycle of any
given major version (ie, RHEL5/6/7) and they backport security fixes
and patches.
On Fri, Oct 3, 2014 at 9:30 AM, Ken Hohhof via Af <af@afmug.com
<mailto:af@afmug.com>> wrote:
I would disagree, didn’t Steve say the latest he updated to was 9.8.2?
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few
versions old. With all the DNS amplification attacks and these
zero day exploits coming out all the time, I’d want to be pretty
current, plus I believe 9.10 gives you RRL in your toolbox to deal
with attacks although I’ll admit I haven’t had time to experiment
with it.
*From:* Mike Hammett via Af <mailto:af@afmug.com>
*Sent:* Friday, October 03, 2014 6:10 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
The server based distributions like CentOS\RHEL and Debian
generally are close to current regarding security updates even if
they don't have the latest version.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
------------------------------------------------------------------------
*From: *"Ken Hohhof via Af" <af@afmug.com <mailto:af@afmug.com>>
*To: *af@afmug.com <mailto:af@afmug.com>
*Sent: *Thursday, October 2, 2014 5:30:01 PM
*Subject: *Re: [AFMUG] DNS server for guys who dont want to be gurus
You need a named.conf that defines the slave zones and the IP
address of the master.
But first step is to download/compile/install the latest version
of BIND, it’s actually quite easy. I doubt you can get the
version you want via yum update because CentOS is based on RHEL
which is always a few steps behind. Given the DNS attacks, you
want the latest BIND. You might then want to lock out the package
from being updated by yum.
*From:* That One Guy via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 02, 2014 4:36 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
So Im at a new Centos with webmin fresh bind install.
We have one master, one slave server
I have never set up bind, this was done before me.
If I were to take down the old slave server and bring this one up
on its IP will the master update this one, or is there a config I
need to move over. Im more comfotable doing the slave first.
These are all webmin, but the original is ubuntu and the new is centos
On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af <af@afmug.com
<mailto:af@afmug.com>> wrote:
I always install CentOS bare bones …. “minimal server” is what
the installation will call it. This way you can install
whatever you like after installation and not worry about
removing many dozen packages you don’t need…
Just my preference anyways….
*From:*Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *That One Guy via Af
*Sent:* Thursday, October 02, 2014 2:24 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be
gurus
2 questions in this
1. when running through the current centos installation, what
do i select for the server type, for powercode it says select
basic server
2. is there a guide for building dedicated centos servers
based on server purpose? I assume there are packages I dont
need to install if its only got this purpose
On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af
<af@afmug.com <mailto:af@afmug.com>> wrote:
CentOS+BIND+Webmin JI can’t remember but Usermin might be
the part you’re looking for specific to users updating
their own DNS…..
*From:*Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *That One Guy
via Af
*Sent:* Thursday, October 02, 2014 1:21 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* [AFMUG] DNS server for guys who dont want to be
gurus
Is there a good, simple package for locally hosted DNS
Servers for people like me who dont want to get too far
into managing the linux at a granular level? we are used
to the webmin interface. It would be nice if it had the
option to set up client accounts for some clients to
manage their own DNS but not view others, but thats in no
way a deal breaker
--
All parts should go together without forcing. You must
remember that the parts you are reassembling were
disassembled by you. Therefore, if you can't get them
together again, there must be a reason. By all means, do
not use a hammer. -- IBM maintenance manual, 1925
--
All parts should go together without forcing. You must
remember that the parts you are reassembling were disassembled
by you. Therefore, if you can't get them together again, there
must be a reason. By all means, do not use a hammer. -- IBM
maintenance manual, 1925
--
All parts should go together without forcing. You must remember
that the parts you are reassembling were disassembled by you.
Therefore, if you can't get them together again, there must be a
reason. By all means, do not use a hammer. -- IBM maintenance
manual, 1925
