Re: [gentoo-user] Re: Secure DNS servers

2014-06-17 Thread Alan McKinnon
On 17/06/2014 16:48, Eray Aslan wrote: > On Mon, Jun 16, 2014 at 07:57:31PM +, James wrote: >> Any guidance of those? > > When I have a choice, I go with nsd for authoritive and with unbound for > recursive dns servers. Bind is also a popular alternative. > >> Anyone and Everyone is encourag

Re: [gentoo-user] Re: Secure DNS servers

2014-06-17 Thread Eray Aslan
On Mon, Jun 16, 2014 at 07:57:31PM +, James wrote: > Any guidance of those? When I have a choice, I go with nsd for authoritive and with unbound for recursive dns servers. Bind is also a popular alternative. > Anyone and Everyone is encouraged to "chime in" on dns server Try to seperate you

[gentoo-user] Re: Secure DNS servers

2014-06-16 Thread James
thegeezer thegeezer.net> writes: > > I'm researching where we run all sorts of applications very securely, > > for one person at a time. It's eventually (hopefully) going to be > > a full LMS Learning Management system, something comprehensive, maybe even > > www-apps/moodle and or SWAD. Eventua

Re: [gentoo-user] Re: Secure DNS servers

2014-06-16 Thread thegeezer
On 06/16/2014 10:08 PM, James wrote: > thegeezer thegeezer.net> writes: > >> generally using something like ISC BIND you can set filters and easily >> create an external view and internal view, so that you can do split dns >> based on network connection. if doing something like this test it and >

Re: [gentoo-user] Re: Secure DNS servers

2014-06-16 Thread Michael Orlitzky
On 06/16/2014 03:57 PM, James wrote: > >> There's a video of DJB at the 27c3 conference floating around where he >> discusses some of this stuff. Some of his points shouldn't be taken >> seriously, but it's entertaining nevertheless. > > I thought DJB was mostly deprecated. He's still preaching d

[gentoo-user] Re: Secure DNS servers

2014-06-16 Thread James
thegeezer thegeezer.net> writes: > > generally using something like ISC BIND you can set filters and easily > create an external view and internal view, so that you can do split dns > based on network connection. if doing something like this test it and > then test it again to make sure there i

Re: [gentoo-user] Re: Secure DNS servers

2014-06-16 Thread thegeezer
On 06/16/2014 08:57 PM, James wrote: > Michael Orlitzky gentoo.org> writes: > >> On 06/16/2014 02:15 PM, James wrote: >>> Hello, >>> >>> I'm reading up on how to secure DNS primary and secondary servers. >>> I guess DNSSEC is pretty important. Any other areas I should read >>> up on? It's been a

[gentoo-user] Re: Secure DNS servers

2014-06-16 Thread James
Michael Orlitzky gentoo.org> writes: > > On 06/16/2014 02:15 PM, James wrote: > > Hello, > > > > I'm reading up on how to secure DNS primary and secondary servers. > > I guess DNSSEC is pretty important. Any other areas I should read > > up on? It's been a few years since I admin'd a dns serve