Running on Windows can be fine if you know what you're doing. Just can't be any random Windows user, though...
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Eric Kuhnke via Af" <af@afmug.com> To: af@afmug.com Sent: Friday, October 3, 2014 1:28:21 PM Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus If you're an ISP and you run back-end infrastructure on Windows, I feel sorry for you.... On Fri, Oct 3, 2014 at 11:23 AM, That One Guy via Af < af@afmug.com > wrote: simpledns is windows based though, even though microsoft is pretty much giving away virtual server licenses these days, theres still that cost, and I just dont like exposing windows to the world, which is odd because Im a windows guy. Another reason is if there is a windows server, somebody will install software to it. On Fri, Oct 3, 2014 at 10:40 AM, Nicholas Eastman via Af < af@afmug.com > wrote: <blockquote> To throw my 2 cents in, +1 for Ajenti for managing servers, I've used webmin and ajenti both and like the performance/stripped down approach of Ajenti better. Also +1 for cPanel once you get into allowing customers to manage/update DNS on their own. We host our own DNS server that is locked for our use, and sell hosting packages on another with cPanel, we've moved several customers over, and besides the occasional enterprise with a random computer trying to force a DNS update, it works well. Nicholas Eastman Royell Communications, Inc. (217) 965-3699 1-877-400-9319 nic.east...@royell.org On Fri, Oct 3, 2014 at 9:10 AM, Josh Baird via Af < af@afmug.com > wrote: <blockquote> If it's BIND 9.8.2 from the CentOS updates repositories, it's patched. It won't contain non-security related features of later versions, but it has been patched for any security related stuff. The internal patch/version level of the package is denoted in the RPM's filename for EL. On Fri, Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af < af@afmug.com > wrote: <blockquote> I don’t think so. From: Adam Moffett via Af Sent: Friday, October 03, 2014 8:34 AM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus It may be 9.8.2 with security fixes backported from later versions. <blockquote> I would disagree, didn’t Steve say the latest he updated to was 9.8.2? https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few versions old. With all the DNS amplification attacks and these zero day exploits coming out all the time, I’d want to be pretty current, plus I believe 9.10 gives you RRL in your toolbox to deal with attacks although I’ll admit I haven’t had time to experiment with it. From: Mike Hammett via Af Sent: Friday, October 03, 2014 6:10 AM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus The server based distributions like CentOS\RHEL and Debian generally are close to current regarding security updates even if they don't have the latest version. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com From: "Ken Hohhof via Af" mailto:af@afmug.com To: af@afmug.com Sent: Thursday, October 2, 2014 5:30:01 PM Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus You need a named.conf that defines the slave zones and the IP address of the master. But first step is to download/compile/install the latest version of BIND, it’s actually quite easy. I doubt you can get the version you want via yum update because CentOS is based on RHEL which is always a few steps behind. Given the DNS attacks, you want the latest BIND. You might then want to lock out the package from being updated by yum. From: That One Guy via Af Sent: Thursday, October 02, 2014 4:36 PM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus So Im at a new Centos with webmin fresh bind install. We have one master, one slave server I have never set up bind, this was done before me. If I were to take down the old slave server and bring this one up on its IP will the master update this one, or is there a config I need to move over. Im more comfotable doing the slave first. These are all webmin, but the original is ubuntu and the new is centos On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af < af@afmug.com > wrote: <blockquote> I always install CentOS bare bones …. “minimal server” is what the installation will call it. This way you can install whatever you like after installation and not worry about removing many dozen packages you don’t need… Just my preference anyways…. From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy via Af Sent: Thursday, October 02, 2014 2:24 PM To: af@afmug.com Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus 2 questions in this 1. when running through the current centos installation, what do i select for the server type, for powercode it says select basic server 2. is there a guide for building dedicated centos servers based on server purpose? I assume there are packages I dont need to install if its only got this purpose On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af < af@afmug.com > wrote: <blockquote> CentOS+BIND+Webmin J I can’t remember but Usermin might be the part you’re looking for specific to users updating their own DNS….. From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy via Af Sent: Thursday, October 02, 2014 1:21 PM To: af@afmug.com Subject: [AFMUG] DNS server for guys who dont want to be gurus Is there a good, simple package for locally hosted DNS Servers for people like me who dont want to get too far into managing the linux at a granular level? we are used to the webmin interface. It would be nice if it had the option to set up client accounts for some clients to manage their own DNS but not view others, but thats in no way a deal breaker -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 </blockquote> -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 </blockquote> </blockquote> </blockquote> </blockquote> -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 </blockquote>
