If you're an ISP and you run back-end infrastructure on Windows, I feel sorry for you....
On Fri, Oct 3, 2014 at 11:23 AM, That One Guy via Af <[email protected]> wrote: > simpledns is windows based though, even though microsoft is pretty much > giving away virtual server licenses these days, theres still that cost, and > I just dont like exposing windows to the world, which is odd because Im a > windows guy. > Another reason is if there is a windows server, somebody will install > software to it. > > On Fri, Oct 3, 2014 at 10:40 AM, Nicholas Eastman via Af <[email protected]> > wrote: > >> To throw my 2 cents in, +1 for Ajenti for managing servers, I've used >> webmin and ajenti both and like the performance/stripped down approach of >> Ajenti better. Also +1 for cPanel once you get into allowing customers to >> manage/update DNS on their own. We host our own DNS server that is locked >> for our use, and sell hosting packages on another with cPanel, we've moved >> several customers over, and besides the occasional enterprise with a random >> computer trying to force a DNS update, it works well. >> >> Nicholas Eastman >> Royell Communications, Inc. >> (217) 965-3699 >> 1-877-400-9319 >> [email protected] >> >> On Fri, Oct 3, 2014 at 9:10 AM, Josh Baird via Af <[email protected]> wrote: >> >>> If it's BIND 9.8.2 from the CentOS updates repositories, it's patched. >>> It won't contain non-security related features of later versions, but it >>> has been patched for any security related stuff. The internal >>> patch/version level of the package is denoted in the RPM's filename for EL. >>> >>> On Fri, Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af <[email protected]> wrote: >>> >>>> I don’t think so. >>>> >>>> *From:* Adam Moffett via Af <[email protected]> >>>> *Sent:* Friday, October 03, 2014 8:34 AM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >>>> >>>> It may be 9.8.2 with security fixes backported from later versions. >>>> >>>> >>>> I would disagree, didn’t Steve say the latest he updated to was 9.8.2? >>>> >>>> https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html >>>> >>>> ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few >>>> versions old. With all the DNS amplification attacks and these zero day >>>> exploits coming out all the time, I’d want to be pretty current, plus I >>>> believe 9.10 gives you RRL in your toolbox to deal with attacks although >>>> I’ll admit I haven’t had time to experiment with it. >>>> >>>> >>>> *From:* Mike Hammett via Af <[email protected]> >>>> *Sent:* Friday, October 03, 2014 6:10 AM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >>>> >>>> The server based distributions like CentOS\RHEL and Debian generally >>>> are close to current regarding security updates even if they don't have the >>>> latest version. >>>> >>>> >>>> >>>> ----- >>>> Mike Hammett >>>> Intelligent Computing Solutions >>>> http://www.ics-il.com >>>> >>>> ------------------------------ >>>> *From: *"Ken Hohhof via Af" mailto:[email protected] <[email protected]> >>>> >>>> *To: *[email protected] >>>> *Sent: *Thursday, October 2, 2014 5:30:01 PM >>>> *Subject: *Re: [AFMUG] DNS server for guys who dont want to be gurus >>>> >>>> You need a named.conf that defines the slave zones and the IP address >>>> of the master. >>>> >>>> But first step is to download/compile/install the latest version of >>>> BIND, it’s actually quite easy. I doubt you can get the version you want >>>> via yum update because CentOS is based on RHEL which is always a few steps >>>> behind. Given the DNS attacks, you want the latest BIND. You might then >>>> want to lock out the package from being updated by yum. >>>> >>>> >>>> *From:* That One Guy via Af <[email protected]> >>>> *Sent:* Thursday, October 02, 2014 4:36 PM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >>>> >>>> So Im at a new Centos with webmin fresh bind install. >>>> We have one master, one slave server >>>> I have never set up bind, this was done before me. >>>> If I were to take down the old slave server and bring this one up on >>>> its IP will the master update this one, or is there a config I need to move >>>> over. Im more comfotable doing the slave first. >>>> These are all webmin, but the original is ubuntu and the new is centos >>>> >>>> On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af <[email protected]> >>>> wrote: >>>> >>>>> I always install CentOS bare bones …. “minimal server” is what the >>>>> installation will call it. This way you can install whatever you like >>>>> after installation and not worry about removing many dozen packages you >>>>> don’t need… >>>>> >>>>> >>>>> >>>>> Just my preference anyways…. >>>>> >>>>> >>>>> >>>>> *From:* Af [mailto:[email protected]] *On Behalf Of *That One Guy >>>>> via Af >>>>> *Sent:* Thursday, October 02, 2014 2:24 PM >>>>> *To:* [email protected] >>>>> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >>>>> >>>>> >>>>> >>>>> 2 questions in this >>>>> >>>>> 1. when running through the current centos installation, what do i >>>>> select for the server type, for powercode it says select basic server >>>>> >>>>> 2. is there a guide for building dedicated centos servers based on >>>>> server purpose? I assume there are packages I dont need to install if its >>>>> only got this purpose >>>>> >>>>> >>>>> >>>>> On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af <[email protected]> >>>>> wrote: >>>>> >>>>> CentOS+BIND+Webmin J I can’t remember but Usermin might be the part >>>>> you’re looking for specific to users updating their own DNS….. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Af [mailto:[email protected]] *On Behalf Of *That One Guy >>>>> via Af >>>>> *Sent:* Thursday, October 02, 2014 1:21 PM >>>>> *To:* [email protected] >>>>> *Subject:* [AFMUG] DNS server for guys who dont want to be gurus >>>>> >>>>> >>>>> >>>>> Is there a good, simple package for locally hosted DNS Servers for >>>>> people like me who dont want to get too far into managing the linux at a >>>>> granular level? we are used to the webmin interface. It would be nice if >>>>> it >>>>> had the option to set up client accounts for some clients to manage their >>>>> own DNS but not view others, but thats in no way a deal breaker >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> All parts should go together without forcing. You must remember that >>>>> the parts you are reassembling were disassembled by you. Therefore, if you >>>>> can't get them together again, there must be a reason. By all means, do >>>>> not >>>>> use a hammer. -- IBM maintenance manual, 1925 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> All parts should go together without forcing. You must remember that >>>>> the parts you are reassembling were disassembled by you. Therefore, if you >>>>> can't get them together again, there must be a reason. By all means, do >>>>> not >>>>> use a hammer. -- IBM maintenance manual, 1925 >>>>> >>>> >>>> >>>> >>>> -- >>>> All parts should go together without forcing. You must remember that >>>> the parts you are reassembling were disassembled by you. Therefore, if you >>>> can't get them together again, there must be a reason. By all means, do not >>>> use a hammer. -- IBM maintenance manual, 1925 >>>> >>>> >>>> >>>> >>> >> > > > -- > All parts should go together without forcing. You must remember that the > parts you are reassembling were disassembled by you. Therefore, if you > can't get them together again, there must be a reason. By all means, do not > use a hammer. -- IBM maintenance manual, 1925 >
