Re: feedback on a good DNS server

2005-03-10 Thread Matthew Seaman
On Wed, Mar 09, 2005 at 02:00:50PM -0800, John Pettitt wrote:
 
 
 Paul Schmehl wrote:
 
  --On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston
  [EMAIL PROTECTED] wrote:

  I believe Bind is still included with the base FreeBSD OS. I've used
  it in
  the past and never had any problems with it. As always, YMMV.

 Has had being the operative phrase - that would be bind 4 and bind 8 -
 bind 9 which is a rewrite has a pretty solid record - also in the ports
 tree.

BIND 9 is not only in the ports tree, it's the default bundled with
FreeBSD 5.x:


% dig @localhost version.bind CHAOS TXT

[...]

;; ANSWER SECTION:
version.bind.   0   CH  TXT 9.3.0

But, more to the point, running the stock BIND in a chroot jail is
completely automatic nowadays.  All you need do is put
'named_enable=YES' into /etc/rc.conf.

Performs well enough to serve typical home uses no problem.  Bind
9.3.1 is on the horizon, and I hear that the plan is to build that
threaded by default, which will improve responsiveness for more
demanding environments.

  Cheers,

  Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   8 Dane Court Manor
  School Rd
PGP: http://www.infracaninophile.co.uk/pgpkey Tilmanstone
Tel: +44 1304 617253  Kent, CT14 0JL UK
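
The `version.bind` lookup in the message above, as an added example that is not part of the original post: it builds the same CHAOS-class TXT query in DNS wire format and parses a constructed reply, which is one way to audit what version string your own name server discloses. The function names and the sample reply bytes are assumptions made for illustration.

```python
import struct

CLASS_CH, TYPE_TXT = 3, 16

def build_version_query(txid=0x1234, name="version.bind"):
    """Wire-format query equivalent to: dig version.bind CHAOS TXT"""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def parse_version_reply(msg):
    """Return TXT strings from CH-class answers, or [] if nothing is disclosed."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:             # non-zero RCODE (e.g. REFUSED)
        return []
    off = 12
    for _ in range(qd):            # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            i = 0
            while i < len(rdata):  # TXT rdata: length-prefixed character strings
                out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
    return out

# Constructed reply (not captured traffic) carrying the answer shown in the post.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    + build_version_query()[12:]   # echoed question section
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, 6) + b"\x059.3.0"
)

if __name__ == "__main__":
    print(parse_version_reply(SAMPLE_REPLY))
```

An empty list from `parse_version_reply` means the server refused the query or returned no CH TXT answer, i.e. it is not advertising its version.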




Re: feedback on a good DNS server

2005-03-10 Thread markzero
 Oh, and c) djbdns isn't Free or Open Source by any definition of 
 either phrase.  That's not important to some people, but others consider it 
 kind of important.

Dan has given explicit permission to read, compile, modify and use
the source code of djbdns. The only restriction is that you may not
distribute any modified code (enterprising people could modify and
distribute the source with deliberately placed bugs in order to try
to claim the djb 'Security Guarantee' - at least that's the theory).

http://cr.yp.to/distributors.html

Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1




Re: feedback on a good DNS server

2005-03-10 Thread Kirk Strauser
On Wednesday 09 March 2005 22:22, you wrote:

 Dan has given explicit permission to read, compile, modify and use
 the source code of djbdns.

From http://www.qmail.org/not-open-source.html:

For a program to be open source, you must be able to, among other
 things, change the source and redistribute it. DJB prohibits
 distribution of modified code and so programs which are so-licensed are
 not open source.

In other words, people who aren't the Free Software Foundation or OSI also 
agree that Dan's license isn't an Open Source license.  As I said, though, 
whether that's good, bad, or irrelevant is up to the administrator.  It's 
just something that many people aren't aware of but would be interested in.
-- 
Kirk Strauser




Re: feedback on a good DNS server

2005-03-10 Thread markzero
  Dan has given explicit permission to read, compile, modify and use
  the source code of djbdns.
 
 From http://www.qmail.org/not-open-source.html:
 
 For a program to be open source, you must be able to, among other
  things, change the source and redistribute it. DJB prohibits
  distribution of modified code and so programs which are so-licensed are
  not open source.
 
 In other words, people who aren't the Free Software Foundation or OSI also 
 agree that Dan's license isn't an Open Source license.  As I said, though, 
 whether that's good, bad, or irrelevant is up to the administrator.  It's 
 just something that many people aren't aware of but would be interested in.

Good point.

I suppose it's also a matter of the definition of 'Open Source'. For me,
open source equates to 'I can read the code to see if it's trustworthy
and can compile it so I know that I got what I read' but you're right,
it doesn't pass the 'official' definition.

Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1




Re: feedback on a good DNS server

2005-03-10 Thread Anthony Atkielski
sn1tch writes:

 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All I need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated

BIND works great for me on my little LAN.

-- 
Anthony


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


feedback on a good DNS server

2005-03-09 Thread sn1tch
I am looking into setting up a DNS server on our network using an
existing FreeBSD box. I have been looking around and reading comments
on different DNS servers out there but everyone has mixed feelings. I
know someone who uses BIND and is happy with it .. is there any reason
why BIND wouldn't be a good choice? All I need is to have DNS running
on a webserver so we can host our site internally...any feedback on
this setup and/or DNS server is appreciated

Thanks in advance


Re: feedback on a good DNS server

2005-03-09 Thread Ean Kingston

 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All I need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated

I believe Bind is still included with the base FreeBSD OS. I've used it in
the past and never had any problems with it. As always, YMMV.

-- 
Ean Kingston
E-Mail: ean_AT_hedron_DOT_org
 PGP KeyID: 1024D/CBC5D6BB
   URL: http://www.hedron.org/




Re: feedback on a good DNS server

2005-03-09 Thread Paul Schmehl
--On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston 
[EMAIL PROTECTED] wrote:

  I am looking into setting up a DNS server on our network using an
  existing FreeBSD box. I have been looking around and reading comments
  on different DNS servers out there but everyone has mixed feelings. I
  know someone who uses BIND and is happy with it .. is there any reason
  why BIND wouldn't be a good choice? All I need is to have DNS running
  on a webserver so we can host our site internally...any feedback on
  this setup and/or DNS server is appreciated

 I believe Bind is still included with the base FreeBSD OS. I've used it in
 the past and never had any problems with it. As always, YMMV.

If you're concerned about security, BIND has had a large number of security 
problems.  DJBDNS is in /usr/ports/dns/ and it's very easy to set up and 
very easy to use.  More responsive than BIND as well, and you don't have to 
figure out the esoteric syntax that BIND requires.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Re: feedback on a good DNS server

2005-03-09 Thread John Pettitt


Paul Schmehl wrote:

 --On Wednesday, March 09, 2005 04:42:46 PM -0500 Ean Kingston
 [EMAIL PROTECTED] wrote:


 I am looking into setting up a DNS server on our network using an
 existing FreeBSD box. I have been looking around and reading comments
 on different DNS servers out there but everyone has mixed feelings. I
 know someone who uses BIND and is happy with it .. is there any reason
 why BIND wouldn't be a good choice? All I need is to have DNS running
 on a webserver so we can host our site internally...any feedback on
 this setup and/or DNS server is appreciated


 I believe Bind is still included with the base FreeBSD OS. I've used
 it in
 the past and never had any problems with it. As always, YMMV.


 If you're concerned about security, BIND has had a large number of
 security problems.  DJBDNS is in /usr/ports/dns/ and it's very easy to
 set up and very easy to use.  More responsive than BIND as well, and
 you don't have to figure out the esoteric syntax that BIND requires.

Has had being the operative phrase - that would be bind 4 and bind 8 -
bind 9 which is a rewrite has a pretty solid record - also in the ports
tree.

The argument against DJBDNS comes down to a) DJB annoys a lot of people
and b) some of those people think DJBDNS is not standards compliant.
This argument is about as accurate as the bind not secure argument -
they both may have a grain of truth in the past.

The DNS discussion is a lot like the Linux vs BSD discussion - it's a
religious issue (strongly held views not always supported by facts)

John


Re: feedback on a good DNS server

2005-03-09 Thread Kirk Strauser
On Wednesday 09 March 2005 04:00 pm, John Pettitt wrote:

 The argument against DJBDNS comes down to a) DJB annoys a lot of people
 and b) some of those people think DJBDNS is not standards compliant.

Erm, b is definitely true.  It doesn't support IXFR or NOTIFY, so if you 
plan on slaving another zone (or having another server slave one of your 
zones), then you're expected to install rsync and get your peer to do the 
same.  Oh, and c) djbdns isn't Free or Open Source by any definition of 
either phrase.  That's not important to some people, but others consider it 
kind of important.
-- 
Kirk Strauser

