On Mon, Jun 16, 2014 at 07:57:31PM +0000, James wrote:
> Any guidance of those?

When I have a choice, I go with nsd for authoritative and with unbound for
recursive dns servers. Bind is also a popular alternative.

> Anyone and Everyone is encouraged to "chime in" on dns server

Try to separate your authoritative and recursive dns servers. Learn to use
dig.

On Mon, Jun 16, 2014 at 02:49:39PM -0400, Michael Orlitzky wrote:
> iptables -A INPUT -p ALL -m conntrack --ctstate ESTABLISHED,RELATED \
> -j ACCEPT

Careful with conntrack. It is OK for a home/hobby server. For a high volume
dns server, you don't want to reach conntrack limits before you reach the
limits of your dns software - which are usually much higher. A stateful
firewall for a dns server is not always a good choice - do not make it
easier to DoS.

-- 
Eray Aslan <e...@gentoo.org>
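An added example, not from the thread, of one way to act on Eray's point: keep the quoted stateful ESTABLISHED,RELATED rule for everything else, but exempt port-53 traffic from conntrack so query volume cannot fill the table. It assumes iptables with the raw table and the CT target available; IPT defaults to `echo iptables`, so the script only prints the rules unless IPT=iptables is set, and the conntrack-usage check takes file paths as parameters so it can be run against constructed values.

```shell
#!/bin/sh
# IPT defaults to a dry run that prints the commands; set IPT=iptables
# (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Raw table runs before conntrack: mark DNS packets as not to be tracked.
# Queries arrive at dport 53; replies leave from sport 53.
dns_notrack_rules() {
    for proto in udp tcp; do
        $IPT -t raw -A PREROUTING -p "$proto" --dport 53 -j CT --notrack
        $IPT -t raw -A OUTPUT     -p "$proto" --sport 53 -j CT --notrack
    done
}

# Untracked packets never match ESTABLISHED/RELATED, so accept them explicitly
# by their UNTRACKED state (which the raw rules above set for port 53 only).
dns_accept_rules() {
    for proto in udp tcp; do
        $IPT -A INPUT  -p "$proto" --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
        $IPT -A OUTPUT -p "$proto" --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
    done
}

# Everything that is not DNS stays stateful, exactly as in the quoted rule.
stateful_rules() {
    $IPT -A INPUT -p ALL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Percentage of the conntrack table in use. Arguments are the paths of the
# count and max files; the defaults are the real sysctl locations.
conntrack_usage_pct() {
    count=$(cat "${1:-/proc/sys/net/netfilter/nf_conntrack_count}")
    max=$(cat "${2:-/proc/sys/net/netfilter/nf_conntrack_max}")
    echo $(( count * 100 / max ))
}

main() {
    dns_notrack_rules
    dns_accept_rules
    stateful_rules
}
main
```

Running `conntrack_usage_pct` from cron or a monitoring check shows whether the table is close to full, which is the condition Eray warns about.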