RE: DNS Servers

2014-01-10 Thread James M. Pulver
: owner-scientific-linux-us...@listserv.fnal.gov [mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Nico Kadel-Garcia Sent: Friday, January 10, 2014 12:36 AM To: Jeremy Wellner Cc: owner-scientific-linux-us...@listserv.fnal.gov; SCIENTIFIC-LINUX-USERS@FNAL.GOV Subject: Re: DNS Servers

Re: DNS Servers

2014-01-10 Thread Nico Kadel-Garcia
AD is fine with a delegated domain. Allow zone transfers so the BIND server can generate reverse DNS with mkrdns Nico Kadel-Garcia Email: nka...@gmail.com Sent from iPhone On Jan 9, 2014, at 21:37, Jeremy Wellner jwell...@stanwood.wednet.edu wrote: That's a resounding stay the course and I

Re: DNS Servers

2014-01-10 Thread Jeremy Wellner
Excellent feedback guys! Thank you all so much!!! :) Jeremy On Fri, Jan 10, 2014 at 6:32 AM, Nico Kadel-Garcia nka...@gmail.com wrote: AD is fine with a delegated domain. Allow zone transfers so the BIND server can generate reverse DNS with mkrdns Nico Kadel-Garcia Email:

Re: DNS Servers

2014-01-09 Thread Steven Haigh
On 10/01/2014 11:16 AM, Jeremy Wellner wrote: I've been using BIND on RHEL5 for years and it's come time to overhaul those venerable DNS boxes. I've seen alot of alternatives like NSD, PowerDNS, YADIFA, and others but I'm wondering what experience has been with going to something other than

Re: DNS Servers

2014-01-09 Thread Paul Robert Marino
hours. I tend to use appliances for my core DNS servers where ever possible because there are a lot of really good ones and I have support staff time limitations, but I also use Bind 9 slave servers to handle most of the actual query traffic because it reduces my support and equipment costs

Re: DNS Servers

2014-01-09 Thread Paul Robert Marino
I in theory would like webmin for this in a fast and dirty development environment, but it still has too many infosec problems for my taste for production.In the past when I had the time and work driven focus to harden webmin with only custom module which all used sudo for an appliance I was able

Re: DNS Servers

2014-01-09 Thread Paul Robert Marino
Its doable to have bind be your DNS for AD it just takes some work and planing. The primary thing is make sure dynamic DNS works properly.The big catches there are making sure you have the right Service entries and ensuring dynamic DNS works correctly. By the way neither of theism are AD specific

Re: DNS Servers

2014-01-09 Thread Nico Kadel-Garcia
AD does many things, many of them quite badly. If you need an drop-in authentication server, you might consider if y9ou really need AD, or if Samba 4.1.x will do the job. I've got RPM building tools for that at https://github.com/nkadel/samba4repo, and they work well on Scientific Linux 6 with