To throw my 2 cents in, +1 for Ajenti for managing servers, I've used webmin and ajenti both and like the performance/stripped down approach of Ajenti better. Also +1 for cPanel once you get into allowing customers to manage/update DNS on their own. We host our own DNS server that is locked for our use, and sell hosting packages on another with cPanel, we've moved several customers over, and besides the occasional enterprise with a random computer trying to force a DNS update, it works well.
Nicholas Eastman Royell Communications, Inc. (217) 965-3699 1-877-400-9319 nic.east...@royell.org On Fri, Oct 3, 2014 at 9:10 AM, Josh Baird via Af <af@afmug.com> wrote: > If it's BIND 9.8.2 from the CentOS updates repositories, it's patched. It > won't contain non-security related features of later versions, but it has > been patched for any security related stuff. The internal patch/version > level of the package is denoted in the RPM's filename for EL. > > On Fri, Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af <af@afmug.com> wrote: > >> I don’t think so. >> >> *From:* Adam Moffett via Af <af@afmug.com> >> *Sent:* Friday, October 03, 2014 8:34 AM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >> >> It may be 9.8.2 with security fixes backported from later versions. >> >> >> I would disagree, didn’t Steve say the latest he updated to was 9.8.2? >> >> https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html >> >> ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few >> versions old. With all the DNS amplification attacks and these zero day >> exploits coming out all the time, I’d want to be pretty current, plus I >> believe 9.10 gives you RRL in your toolbox to deal with attacks although >> I’ll admit I haven’t had time to experiment with it. >> >> >> *From:* Mike Hammett via Af <af@afmug.com> >> *Sent:* Friday, October 03, 2014 6:10 AM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >> >> The server based distributions like CentOS\RHEL and Debian generally >> are close to current regarding security updates even if they don't have the >> latest version. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> ------------------------------ >> *From: *"Ken Hohhof via Af" mailto:af@afmug.com <af@afmug.com> >> >> *To: *af@afmug.com >> *Sent: *Thursday, October 2, 2014 5:30:01 PM >> *Subject: *Re: [AFMUG] DNS server for guys who dont want to be gurus >> >> You need a named.conf that defines the slave zones and the IP address >> of the master. >> >> But first step is to download/compile/install the latest version of BIND, >> it’s actually quite easy. I doubt you can get the version you want via yum >> update because CentOS is based on RHEL which is always a few steps behind. >> Given the DNS attacks, you want the latest BIND. You might then want to >> lock out the package from being updated by yum. >> >> >> *From:* That One Guy via Af <af@afmug.com> >> *Sent:* Thursday, October 02, 2014 4:36 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >> >> So Im at a new Centos with webmin fresh bind install. >> We have one master, one slave server >> I have never set up bind, this was done before me. >> If I were to take down the old slave server and bring this one up on its >> IP will the master update this one, or is there a config I need to move >> over. Im more comfotable doing the slave first. >> These are all webmin, but the original is ubuntu and the new is centos >> >> On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af <af@afmug.com> wrote: >> >>> I always install CentOS bare bones …. “minimal server” is what the >>> installation will call it. This way you can install whatever you like >>> after installation and not worry about removing many dozen packages you >>> don’t need… >>> >>> >>> >>> Just my preference anyways…. >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy >>> via Af >>> *Sent:* Thursday, October 02, 2014 2:24 PM >>> *To:* af@afmug.com >>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >>> >>> >>> >>> 2 questions in this >>> >>> 1. when running through the current centos installation, what do i >>> select for the server type, for powercode it says select basic server >>> >>> 2. is there a guide for building dedicated centos servers based on >>> server purpose? I assume there are packages I dont need to install if its >>> only got this purpose >>> >>> >>> >>> On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af <af@afmug.com> >>> wrote: >>> >>> CentOS+BIND+Webmin J I can’t remember but Usermin might be the part >>> you’re looking for specific to users updating their own DNS….. >>> >>> >>> >>> >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy >>> via Af >>> *Sent:* Thursday, October 02, 2014 1:21 PM >>> *To:* af@afmug.com >>> *Subject:* [AFMUG] DNS server for guys who dont want to be gurus >>> >>> >>> >>> Is there a good, simple package for locally hosted DNS Servers for >>> people like me who dont want to get too far into managing the linux at a >>> granular level? we are used to the webmin interface. It would be nice if it >>> had the option to set up client accounts for some clients to manage their >>> own DNS but not view others, but thats in no way a deal breaker >>> >>> >>> >>> -- >>> >>> All parts should go together without forcing. You must remember that the >>> parts you are reassembling were disassembled by you. Therefore, if you >>> can't get them together again, there must be a reason. By all means, do not >>> use a hammer. -- IBM maintenance manual, 1925 >>> >>> >>> >>> >>> >>> -- >>> >>> All parts should go together without forcing. You must remember that the >>> parts you are reassembling were disassembled by you. Therefore, if you >>> can't get them together again, there must be a reason. By all means, do not >>> use a hammer. -- IBM maintenance manual, 1925 >>> >> >> >> >> -- >> All parts should go together without forcing. You must remember that the >> parts you are reassembling were disassembled by you. Therefore, if you >> can't get them together again, there must be a reason. By all means, do not >> use a hammer. -- IBM maintenance manual, 1925 >> >> >> >> >
