> On Thu, 05 Jul 2012 18:02:47 -0500
> Bruce Dubbs <[email protected]> wrote:
>
> > Aleksandar Kuktin wrote:
> > > Hi guys!
> > >
> > > I have a question. I want to have my own DNS server. The main reason
> > > for this is to increase fault tolerance of my computer, make
> > > browsing the Web and Internet faster and more enjoyable and have a
> > > local mirror of as much of the Internet as possible.
> > >
> > > But I am lost as to what DNS server I should put.
> > >
> > > For now, I want to run the server on my computer, serving only my
> > > computer. I will firewall it from the rest of the world. Later,
> > > when I move to my own place, I want it to run on a dedicated
> > > "master of the network" machine, serving the whole home.
> > >
> > > I was originally going to go with BIND, but I have cold feet now
> > > because of its many security holes, the ones they still keep
> > > discovering all the time.
> >
> > Which ones are those? I don't follow it closely any more, but bind-9
> > has been pretty good AFAIK. The older versions (5, 8) did have a
> > reputation for problems, but I think 9 is OK.
Okay, I let it slip here. I am subscribed to an aggregator of several
distro security maillists and a few weeks ago there were a lot of fixes
for BIND 9 coming in from there. Not that I actually took the time to
look them over; they turned out to be a crash on a zero-length RDATA
field and a defect in the DNS protocol. I do not consider crashes
(Denials of Service) to be real security problems and the other one is
not specific to BIND. I have also read that BIND 9 is secure, but am
sometimes (all the time) paranoid.

> > > Also, I would kind-of like to avoid reading a huge manual to
> > > set it up in a simple environment like this.
> >
> > Use the instructions in the bind configuration section of the book.
> > As far as bind goes, just make sure it uses udp and not tcp. The
> > problems in the past have been with regard to zone transfers, but
> > those only occur with tcp.
> >
> > Another reference that looks OK is
> > http://en.gentoo-wiki.com/wiki/HOWTO_Setup_a_DNS_Server_with_BIND
> >
> > On the other hand, using something without reading a huge manual can
> > be a problem. You need to know what you are doing when working with
> > low level internet protocols.
> >
> > -- Bruce

Well, I made BIND run. Ended up reading most of the big fat manual so no
time and effort savings there. But I had a lot of fun setting up my own
top-level domain. :) Unfortunately, I only have one machine so all
domains resolve to 127.0.0.1.

The performance increase is admirable and about what I expected.
However, I do have a problem with the perishable cache. One of the
alternatives, pdnsd, writes its cache to disk on shutdown and re-reads
it on startup. This enables it to carry the cache over the power cycle,
a feature I would like to have. Is there a way to make BIND do the same?
I went over the configuration options in the BIND Administrator
Reference Manual but found nothing. Maybe there is something in the
source tree? I should probably look there too.
-- 
Fourth law of programming: Anything that can go wrong wi
sendmail: segmentation violation - core dumped
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
