Andreas Maus wrote:
Very true :-)
long time back I did this on my firewalls
http://cr.yp.to/djbdns/install.html
http://cr.yp.to/djbdns/run-cache-x.html
I installed djbdns/dnscache from DJB some years ago because
of this problem. It gives you a DNS cache too so
you clients DNS lookups will speed up, especially if
your line to your ISP is nearly saturated.
I used a real old Pentium 120 with 64MB RAM and give
the DNS cache about 30 MB and that was a good thing
(tm) for my small network (5 active users).
after having used djbdns for a while i must suggest you not use it. when
i used to use it there was some problem where windows machines could not
query the server and i would have to restart it. the commands to
manipulate djbdns, which do not have manpages AFAICR, and its logs
totally suck, IMO. just one more thing to remember when doing admin work.
i've been using the BIND that comes with openbsd for ~6 months now and
it works great. not to mention there's also a systrace policy for it
sitting in /etc/systrace, in case you're paranoid. there are no
superfluous commands to remember either.
Although the djbdns is a old package, it is reliable and secure
with a small memory footprint. (It is not in the ports because of
the copyright issues I guess).
you could use bind that comes with the base also :-)
Thats also a solution. But for small LANs I recommend
djbdns because I am a "DJB fanatic" ;)
can't say i've tried qmail, but after running djbdns for a while (~1.5
years) i'm very much disinclined to use any of DJB's software. also, if
i'm not mistaken, there have been very few updates to djbdns's source
during the past 2 years.
cheers,
jake
HTH,
Andreas.
