Re: tinydns/djbdns opinion poll

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Message-ID: <4991E3B7.6090503@xxxxxxxxxxxxxxx>

On: Tue, 10 Feb 2009 12:29:43 -0800, Florin Andrei
<florin@xxxxxxxxxxxxxxx> wrote:

>Jake wrote:
>>
>> We're about to start moving our public DNS to in-house managed
>> servers. My first thought was "Linux + BIND" and we're done.
>> Someone in another business unit's IT dept. has suggested
>> tinydns be used.
>
> But things have changed. Nowadays Bind is solid enough. If
> you're still worried about security issues (you shouldn't,
> but I'm assuming the paranoid scenario) then CentOS has a
> good SELinux policy around it, so just install the latest
> CentOS, keep SELinux enabled, do a "yum update" every once
> in a while, and be at peace. By the way, this is also the
> most sweat-free solution from a sysadmining perspective.

With one very large caveat.

Be aware that updating bind via yum can result in your existing bind
configuration files being renamed to something.rmpsave and your name
server left in a dysfunctional state. I suggest that you consider
excluding bind from normal updates and only update it when you are
ready and able to check for possible configuration issues.


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux