Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-20 Thread Boris Epstein
On Fri, Oct 17, 2014 at 6:49 PM, James Hogarth james.hoga...@gmail.com
wrote:

 On 17 Oct 2014 23:32, Boris Epstein borepst...@gmail.com wrote:
 
  Hello all,
 
  I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns )
 running
  on CentOS 7. So far I have written the djbdns.service and djbdns.socket
  files. The sockets (TCP and UDP 53) for some reason would not start and I
  don't know how to debug that;

 I was under the impression it used daemontools and listened directly on the
 ports rather than an inetd style behaviour of being triggered and having
 the connection handed to it like socket based behaviour would require... It
 seems unlikely you'd need a socket unit.

  the service does start but only when I start
  it manually by running
 
  systemctl start djbdns
 

 This strongly indicates you don't need the socket as socket based services
 are not started by calling start on their service file.

 You will need to add a WantedBy=multi-user.target to the [Install] part of
 that service file and then call systemctl enable djbdns

  So, I am a real noob when it comes to systemd, hence any advice on how to
  proceed will be much appreciated.
 

 I'd ask why you want to use djbdns rather than the DNS server provided by
 the CentOS distribution. If security is your concern then SELinux confined
 bind (in a chroot as well if you like) is supported directly by the
 distribution packages so you can be sure of updates and this list plus the
 IRC channel can support that - unlike your custom compiled djbdns.

 If you wanted to be extremely paranoid you could configure the systemd unit
 for BIND to hide all but a select number of directories too... Which is
 technically more powerful than the chroot as it makes use of kernel
 namespaces.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos



James,

Good points.

sshd is not a telnetd-type service yet it uses a .socket file. So I thought
djbdns should as well.

As for why DJBDNS - we have used it for a long time due to the security
advantages. And yes, BIND is now much better than it used to be and we may
switch to it at some point but for now we are still trying to get DJBDNS to
work.

I am close - when I start it manually and when I use it locally. So all I
need to do is figure out how to start it automatically as well as how to
open the necessary ports in the firewall.

Thanks.

Boris.


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-20 Thread James Hogarth
On 20 Oct 2014 12:41, Boris Epstein borepst...@gmail.com wrote:

 sshd is not a telnetd-type service yet it uses a .socket file. So I
thought
 djbdns should as well.


It can be run that way as an option:

http://0pointer.de/blog/projects/inetd.html

 As for why DJBDNS - we have used it for a long time due to the security
 advantages. And yes, BIND is now much better than it used to be and we may
 switch to it at some point but for now we are still trying to get DJBDNS
to
 work.


If you are using the 1.05 tar from the djb site this is a very bad idea -
see previous links for reasons.

 I am close - when I start it manually and when I use it locally. So all I
 need to do is figure out how to start it automatically as well as how to
 open the necessary ports in the firewall.


The correct answer here to ease your maintenance burden if you insist on
djbdns is to use the ndjbdns package in epel that has already been
mentioned.


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-17 Thread Les Mikesell
On Fri, Oct 17, 2014 at 5:31 PM, Boris Epstein borepst...@gmail.com wrote:
 Hello all,

 I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns ) running
 on CentOS 7.

There's an ndjbdns in EPEL - is that something different?

-- 
  Les Mikesell
   lesmikes...@gmail.com


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-17 Thread James Hogarth
On 17 Oct 2014 23:32, Boris Epstein borepst...@gmail.com wrote:

 Hello all,

 I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns ) running
 on CentOS 7. So far I have written the djbdns.service and djbdns.socket
 files. The sockets (TCP and UDP 53) for some reason would not start and I
 don't know how to debug that;

I was under the impression it used daemontools and listened directly on the
ports rather than an inetd style behaviour of being triggered and having
the connection handed to it like socket based behaviour would require... It
seems unlikely you'd need a socket unit.

 the service does start but only when I start
 it manually by running

 systemctl start djbdns


This strongly indicates you don't need the socket as socket based services
are not started by calling start on their service file.

You will need to add a WantedBy=multi-user.target to the [Install] part of
that service file and then call systemctl enable djbdns

 So, I am a real noob when it comes to systemd, hence any advice on how to
 proceed will be much appreciated.


I'd ask why you want to use djbdns rather than the DNS server provided by
the CentOS distribution. If security is your concern then SELinux confined
bind (in a chroot as well if you like) is supported directly by the
distribution packages so you can be sure of updates and this list plus the
IRC channel can support that - unlike your custom compiled djbdns.

If you wanted to be extremely paranoid you could configure the systemd unit
for BIND to hide all but a select number of directories too... Which is
technically more powerful than the chroot as it makes use of kernel
namespaces.
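An added example of the unit James describes, not code from the thread or from the djbdns/ndjbdns projects: a plain service unit (no .socket, because tinydns binds UDP 53 itself) carrying the [Install] section that makes `systemctl enable` work, plus the namespace-based confinement directives the CentOS 7 systemd offers, which is the "hide all but a select number of directories" point made above. The binary path, the /etc/ndjbdns service root and the ROOT/IP/UID/GID environment (the classic djbdns convention, in which the daemon binds port 53 and then drops to the given uid/gid inside a chroot of ROOT) are assumptions to check against whichever package is installed. It is written as a POSIX shell script so the enable-ability check can run against a scratch directory before anything touches /etc:

```shell
#!/bin/sh
# Added example; not from the thread or from djbdns/ndjbdns.
# Assumed (hypothetical) layout: tinydns binary at /usr/bin/tinydns, service
# root under /etc/ndjbdns/tinydns/root, daemon honouring ROOT/IP/UID/GID.
set -eu

UNIT_DIR="${UNIT_DIR:-/etc/systemd/system}"

# write_unit DIR [UID [GID]]
# Writes DIR/djbdns.service. A plain Type=simple unit: the daemon binds UDP 53
# on its own, so no socket unit is involved and "systemctl start" runs it
# directly. The [Install] section is what "systemctl enable" acts on.
write_unit() {
    dir=$1
    uid=${2:-$(id -u nobody 2>/dev/null || echo 65534)}
    gid=${3:-$(id -g nobody 2>/dev/null || echo 65534)}
    cat > "$dir/djbdns.service" <<EOF
[Unit]
Description=djbdns authoritative server (tinydns)
After=network.target

[Service]
# Assumed path and environment convention; verify against your package.
# tinydns binds :53 as root, then chroots to ROOT and drops to UID/GID itself,
# so no User= here (User= would start it unprivileged and the bind would fail).
ExecStart=/usr/bin/tinydns
Environment=ROOT=/etc/ndjbdns/tinydns/root IP=0.0.0.0 UID=$uid GID=$gid
# Only the capabilities the bind/chroot/drop-privileges sequence needs.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_SETUID CAP_SETGID
NoNewPrivileges=yes
# Mount-namespace confinement: /usr, /boot and /etc read-only, no /home,
# private /tmp and /dev. Stronger than a chroot alone because the daemon never
# sees the hidden paths at all.
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# unit_is_enableable FILE
# Exit 0 if FILE has an [Install] section containing a WantedBy= line, else 1.
# A unit without this is exactly the "starts manually but never at boot" case.
unit_is_enableable() {
    awk '/^\[Install\]/ { s = 1; next }
         /^\[/          { s = 0 }
         s && /^WantedBy=/ { f = 1 }
         END { exit !f }' "$1"
}

# Install for real only when asked explicitly:
#   sh djbdns-unit.sh install && systemctl daemon-reload && systemctl enable --now djbdns
if [ "${1:-}" = "install" ]; then
    write_unit "$UNIT_DIR"
    unit_is_enableable "$UNIT_DIR/djbdns.service"
fi
```

After installing, `systemd-analyze verify /etc/systemd/system/djbdns.service` reports directives the running systemd does not understand, and on CentOS 7 the port is opened with `firewall-cmd --permanent --add-service=dns && firewall-cmd --reload`. Because ProtectSystem=full leaves /etc read-only inside the service's namespace, `tinydns-data` must be run from outside the service, which is how the data.cdb is rebuilt anyway.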


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-17 Thread Boris Epstein
On Fri, Oct 17, 2014 at 6:42 PM, Les Mikesell lesmikes...@gmail.com wrote:

 On Fri, Oct 17, 2014 at 5:31 PM, Boris Epstein borepst...@gmail.com
 wrote:
  Hello all,
 
  I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns )
 running
  on CentOS 7.

 There's an ndjbdns in EPEL - is that something different?

 --
   Les Mikesell
lesmikes...@gmail.com


Les,

Thanks, I don't know but I will look into it!

Boris.


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-17 Thread James Hogarth
On 17 Oct 2014 23:50, Boris Epstein borepst...@gmail.com wrote:

 On Fri, Oct 17, 2014 at 6:42 PM, Les Mikesell lesmikes...@gmail.com
wrote:

  On Fri, Oct 17, 2014 at 5:31 PM, Boris Epstein borepst...@gmail.com
  wrote:
   Hello all,
  
   I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns )
  running
   on CentOS 7.
 
  There's an ndjbdns in EPEL - is that something different?
 
 Thanks, I don't know but I will look into it!


This is a fork of djbdns due to lack of maintenance.

http://samiam.org/blog/20110103.html

Note it is better to use the epel package than compile your own djbdns from
the crypto site and package it poorly...

However I still question why bother using this over BIND on a C7 system ...


Re: [CentOS] djbdns under CentOS7: startup and socket issues

2014-10-17 Thread Keith Keller
On 2014-10-17, Boris Epstein borepst...@gmail.com wrote:

 I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns ) running
 on CentOS 7.

Is there a particular reason you prefer djbdns?  In my experience it is
extremely difficult to use without DJB's daemontools, and its zone file
syntax is very nonstandard.

--keith


-- 
kkel...@wombat.san-francisco.ca.us

