t: Friday, October 3, 2014 1:28:21 PM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
If you're an ISP and you run back-end infrastructure on Windows, I feel sorry
for you
On Fri, Oct 3, 2014 at 11:23 AM, That One Guy via Af < af@afmug.com > wrote:
si
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
>>>>
>>>> ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few
>>>> versions old. With all the DNS amplification attacks and these zero day
>>>> exploits coming
Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af wrote:
>>
>>> I don’t think so.
>>>
>>> *From:* Adam Moffett via Af
>>> *Sent:* Friday, October 03, 2014 8:34 AM
>>> *To:* af@afmug.com
>>> *Subject:* Re: [AFMUG] DNS server for guys who dont w
t to be pretty current, plus I
>> believe 9.10 gives you RRL in your toolbox to deal with attacks although
>> I’ll admit I haven’t had time to experiment with it.
>>
>>
>> *From:* Mike Hammett via Af
>> *Sent:* Friday, October 03, 2014 6:10 AM
>> *To:*
October 3, 2014 8:30:01 AM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
I would disagree, didn’t Steve say the latest he updated to was 9.8.2?
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
ISC shows 9.8.8 EOL as of September 2014, so 9
One time cost
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett via Af
Sent: Friday, October 03, 2014 11:13 AM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
simpleDNS looks cheap. Is that a one time cost or do they do something
recurring
afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *Josh Baird via Af
*Sent:* Friday, October 03, 2014 9:47 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
Yeah. RHEL/CentOS backport security patc
o:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *Josh Baird via Af
*Sent:* Friday, October 03, 2014 9:47 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
Yeah. RHEL/CentOS backport securi
r EL.
On Fri, Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af wrote:
> I don’t think so.
>
> *From:* Adam Moffett via Af
> *Sent:* Friday, October 03, 2014 8:34 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>
> It may be 9.8
ally are
> close to current regarding security updates even if they don't have the
> latest version.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
> --
>
> *From: *"Ken Hohhof via Af"
> *To: *af@
*Sent:* Friday, October 03, 2014 6:10 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
The server based distributions like CentOS\RHEL and Debian
generally are close to current regarding security updates
I don’t think so.
From: Adam Moffett via Af
Sent: Friday, October 03, 2014 8:34 AM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
It may be 9.8.2 with security fixes backported from later versions.
I would disagree, didn’t Steve say the latest he
I think a couple of us has mentioned SimpleDNS – 2 minute install – just works ☺
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Baird via Af
Sent: Friday, October 03, 2014 9:47 AM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
Yeah. RHEL/CentOS
ives you RRL in your toolbox to deal with attacks although I’ll admit I
> haven’t had time to experiment with it.
>
>
> *From:* Mike Hammett via Af
> *Sent:* Friday, October 03, 2014 6:10 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be
<mailto:af@afmug.com>
*Sent:* Friday, October 03, 2014 6:10 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
The server based distributions like CentOS\RHEL and Debian generally
are close to current regarding security updates
l.com
From: "Ken Hohhof via Af"
To: af@afmug.com
Sent: Thursday, October 2, 2014 5:30:01 PM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
You need a named.conf that defines the slave zones and
ions
http://www.ics-il.com
- Original Message -
From: "Timothy D. McNabb via Af"
To: af@afmug.com
Sent: Thursday, October 2, 2014 6:26:19 PM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
I’ve never had a problem using yum and CentOS, you are right that
Hohhof via Af"
To: af@afmug.com
Sent: Thursday, October 2, 2014 5:30:01 PM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
You need a named.conf that defines the slave zones and the IP address of the
master.
But first step is to download/compile/install the latest
that include a DNS server
>> and management tool, at least for authoritative DNS?
>>
>> *From:* Josh Baird via Af
>> *Sent:* Thursday, October 02, 2014 9:19 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>>
* Thursday, October 02, 2014 9:19 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
There probably isn't. Use CentOS.
Josh
On Thu, Oct 2, 2014 at 9:34 PM, That One Guy via Af mailto:af@afmug.com>> wro
nt:* Thursday, October 02, 2014 9:19 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>
> There probably isn't. Use CentOS.
>
> Josh
>
> On Thu, Oct 2, 2014 at 9:34 PM, That One Guy via Af wrote:
>
>> I dont want bleedin
looks like 9.8.8 is EOL last month, so i see what you guys are saying
>>>> about being behind
>>>> 9.9.6 and 9.10.1 are both listed as current and stable, but 9.9.6 says
>>>> Extended Support Version, what does that mean?
>>>>
>>>>> On
ustomer to do that.
>
> Steve, didn’t you say you had cPanel? Doesn’t that include a DNS server
> and management tool, at least for authoritative DNS?
>
> *From:* Josh Baird via Af
> *Sent:* Thursday, October 02, 2014 9:19 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG]
lt;mailto:af@afmug.com>
*Sent:* Thursday, October 02, 2014 9:19 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
There probably isn't. Use CentOS.
Josh
On Thu, Oct 2, 2014 at 9:34 PM, That One Guy via Af <mailto:af@afmug.c
and management tool, at least for authoritative DNS?
>
> *From:* Josh Baird via Af
> *Sent:* Thursday, October 02, 2014 9:19 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>
> There probably isn't. Use CentOS.
>
> Josh
>
: Josh Baird via Af
Sent: Thursday, October 02, 2014 9:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
There probably isn't. Use CentOS.
Josh
On Thu, Oct 2, 2014 at 9:34 PM, That One Guy via Af wrote:
I dont want bleeding edge, I like stable, a
see what you guys are
>>> saying about being behind
>>> 9.9.6 and 9.10.1 are both listed as current and stable, but 9.9.6 says
>>> Extended Support Version, what does that mean?
>>>
>>> On Thu, Oct 2, 2014 at 7:51 PM, That One Guy via Af
>>> wr
I think the main new feature in 9.10 is response rate limiting.
From: Josh Baird via Af
Sent: Thursday, October 02, 2014 8:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
You can if you use third party packages, but you don't need to unless you ne
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
I already have installed bind through webmin, it is a newer version, just by
a couple revisions but the ubuntu one wont update any more
its BIND version 9.8.2
I can manually add the slave zone and test the transfer it
ume i cant update BIND beyong releases specific to CentOS?
>>>
>>> On Thu, Oct 2, 2014 at 7:28 PM, Ken Hohhof via Af wrote:
>>>
>>>> My BIND servers are on 9.10.0-P2.
>>>>
>>>> *From:* That One Guy via Af
>>>> *Sent:* Thu
PM, That One Guy via Af wrote:
>
>> i assume i cant update BIND beyong releases specific to CentOS?
>>
>> On Thu, Oct 2, 2014 at 7:28 PM, Ken Hohhof via Af wrote:
>>
>>> My BIND servers are on 9.10.0-P2.
>>>
>>> *From:* That One Guy via Af
>>
>> My BIND servers are on 9.10.0-P2.
>>
>> *From:* That One Guy via Af
>> *Sent:* Thursday, October 02, 2014 6:10 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>>
>> I already have installed bin
PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>>
>> I already have installed bind through webmin, it is a newer version,
>> just by a couple revisions but the ubuntu one wont update any more
>> its BIND version 9.8
ant the latest BIND. You might then want to
>> lock out the package from being updated by yum.
>>
>>
>> *From:* That One Guy via Af
>> *Sent:* Thursday, October 02, 2014 4:36 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] DNS server for guys who
My BIND servers are on 9.10.0-P2.
From: That One Guy via Af
Sent: Thursday, October 02, 2014 6:10 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
I already have installed bind through webmin, it is a newer version, just by a
couple revisions but the
that allows only our 3 /22’s to talk to them via udp.
>
>
>
> AFAIK the package for system-config-bind is still non-existent as of this
> writing for CentOS 6.
>
>
>
> -Tim
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy v
the package for system-config-bind is still non-existent as of this
writing for CentOS 6.
-Tim
From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy via Af
Sent: Thursday, October 02, 2014 4:10 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
I
ne Guy via Af
> *Sent:* Thursday, October 02, 2014 4:36 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>
> So Im at a new Centos with webmin fresh bind install.
> We have one master, one slave server
> I have never set up bind,
few steps behind. Given the
DNS attacks, you want the latest BIND. You might then want to lock out the
package from being updated by yum.
From: That One Guy via Af
Sent: Thursday, October 02, 2014 4:36 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
So
14 2:24 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus
>
>
>
> 2 questions in this
>
> 1. when running through the current centos installation, what do i select
> for the server type, for powercode it says select basic serve
] On Behalf Of That One Guy via Af
Sent: Thursday, October 02, 2014 2:24 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
2 questions in this
1. when running through the current centos installation, what do i select for
the server type, for powercode it
, 2014 2:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
You want to have domain level control for individual users.. webmin isn't the
best in that arena but if you're not adverse to spending a small amount of
money, take a look at Virtualmin.
guys who dont want to be gurus
BIND is your friend.
i'd also set iptables to only allow queries from your network.
On Thu, Oct 2, 2014 at 11:20 AM, That One Guy via Af <mailto:af@afmug.com>> wrote:
Is there a good, simple package for locally hosted DNS Servers for
people like me
, 2014 1:13:01 PM
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
CentOS+BIND+Webmin :) I can’t remember but Usermin might be the part you’re
looking for specific to users updating their own DNS…..
From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy via A
g.com] *On Behalf Of *That One Guy via
> Af
> *Sent:* Thursday, October 02, 2014 1:21 PM
> *To:* af@afmug.com
> *Subject:* [AFMUG] DNS server for guys who dont want to be gurus
>
>
>
> Is there a good, simple package for locally hosted DNS Servers for people
> like me
server for guys who dont want to be gurus
Is there a good, simple package for locally hosted DNS Servers for people like
me who dont want to get too far into managing the linux at a granular level? we
are used to the webmin interface. It would be nice if it had the option to set
up client
Sent: Thursday, October 02, 2014 10:49 AM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
not just iptables, you can do it in bind9
in your named.conf.options:
acl allowedclients {
10.20.20.0/24<http://10.20.20.0/24>;
localhost;
localnets;
};
put your dif
I guess I should be asking, how do I replicate my environment to newer OS
This is an old Ubuntu server running BIND version 9.4.2 on webmin 1.710
>From the webmin interface is there a simple way to export the bind
configuration to import cleanly into a new server
We use CentOS for our billing serv
If you are more comfortable in the windows world, try http://www.simpledns.com/
--
Best regards,
Markmailto:m...@mailmt.com
Myakka Technologies, Inc.
www.MyakkaTech.com
Proud Sponsor of the Myakka City Relay For Life
http://www.RelayForLife.org/MyakkaCityFL
Pleas
This is a BIND dns server using webmin interface
when you say edit the file, that goes beyond what I want to do, I like
using the GUI from webmin
I like GUIs, because they remind me that I am incompetent, this helps to
keep me grounded and less cocky
On Thu, Oct 2, 2014 at 12:49 PM, Eric Kuhnke v
not just iptables, you can do it in bind9
in your named.conf.options:
acl allowedclients {
10.20.20.0/24;
localhost;
localnets;
};
put your different netblocks in there, 10.20.20.0/24 is an example
then further down in the same file, this is an example from my ns1
options {
directory "/v
SimpleDNS works great - 5+ years no issues -- SIMPLE
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sean Heskett via Af
Sent: Thursday, October 02, 2014 1:27 PM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus
BIND is your friend.
i'd also set ipt
BIND is your friend.
i'd also set iptables to only allow queries from your network.
On Thu, Oct 2, 2014 at 11:20 AM, That One Guy via Af wrote:
> Is there a good, simple package for locally hosted DNS Servers for people
> like me who dont want to get too far into managing the linux at a granu
Is there a good, simple package for locally hosted DNS Servers for people
like me who dont want to get too far into managing the linux at a granular
level? we are used to the webmin interface. It would be nice if it had the
option to set up client accounts for some clients to manage their own DNS
b
54 matches
Mail list logo