Alan McKinnon <alan.mckinnon <at> gmail.com> writes:

> > These are the (2) net facing primary and slave dns servers, just for the
> > few domain names I will authenticate. They'll be behind a firewall
> > (iptables/dmz) with no internal zone information.  Strictly auth, public
> > facing, with DNSsec. 
> Then you need your chosen name server (bind), your chosen fw ruleset
> generators (iptables, maybe some other front end) and maybe fail2ban or
> one of its friends if you find some port gets hammered.

fail2ban: an excellent additional package.

> How much ram do you think you need?

The idea is to minimize the ram footprint.  -Os  in the make.conf file
should keep things small, with little performance degradation. Profile::
 [1]   default/linux/amd64/13.0 *

Do you think I can keep the HD size (ide-CompactFlash) below 4 gig?
I did years ago on a gentoo firewall circa 2009. Tricks for OS size
minimization are the focus now.

> > Bind9, dnssec-tools, iptables:: any other packages relevant/germane
> > on an amd-default profile [1]?

> Yes, that's about it.
> Add in all the other usual server stuff you like to use - monitoring,
> logging, notifications, mail, whatever

mailx, another good idea.

OK, now a minimized set of flag settings for make.conf::
USE="-8 ncurses ssl crypt berkdb pam perl pcre python readline zlib bzip2
nptl syslog"


were the flags on that minimized gentoo (firewall) system; is further reducing
the global flags warranted?
Any suggestions on flag minimization?

with::   CFLAGS=" -march=native -Os -pipe"

I hope I can get the total size @ or below 3 GB, as I have several 4 GB CF
cards on hand; other suggestions?


James




