LinuxQuestions.org


freelinuxcpp 02-15-2004 04:14 AM

Best OS for a BEST DNS server
 
Hello everyone,
I want to hear your point of view about a DNS server I want to set up.
Firstly, I have to choose a good OS for this. I'm used to using many Linux distros and also a *BSD one, but for the most secure / best-performing DNS server I don't really know what to choose. I thought about Debian, but I found multiple vulnerabilities in each version. Then I thought about OpenBSD, which has a good security reputation, but I don't really know if it's as fast as Debian Linux...
Any advice is welcome.

chort 02-15-2004 04:38 AM

Well with DNS servers, generally you don't have a lot of disk IO as the DNS cache is written to memory. However, if you update the records a lot that could cause significant IO. Depending on how busy the system will be and how much it will have to access disk, that may or may not be a consideration for the OS (how fast can different OSs access disk under very high load).

In general, for a DNS server you want:
Something with very good security (it's going to be highly visible and accessible)
Excellent network performance

Personally, I recommend OpenBSD for any system that needs to be highly exposed. In some benchmarks, OpenBSD didn't do as well as other systems in performance, but many of those tests simulated conditions more like serving a large amount of web pages, and also the way the tests were constructed and controlled was very poor, so the results can't be trusted that much.

OpenBSD can handle network conditions very well (you can use the built-in packet filter to protect against SYN floods, prioritize traffic, etc). It also chroots BIND by default (if you choose to go with BIND), and it supports DJBDNS if you don't want to use BIND.

Other choices might be FreeBSD or NetBSD, since they both have excellent performance and also have their own packet filters.

You could use Linux, although you would want to find a distro that installs very few packages by default and has a good security record. A lot of the Linux distros install a very excessive amount of software packages by default, and some of the common applications link against a huge number of unnecessary libraries. If you choose to go with Linux, be extremely careful and make sure to thoroughly harden the system before you attach it to the network.

OpenBSD and NetBSD don't have nearly as many problems as most Linux distros, because they only install a few applications by default, and all the dangerous network daemons are in the most secure configuration by default.

Last, if SMP is a requirement, then you'll need to use FreeBSD, NetBSD, or Linux as OpenBSD doesn't support it (but generally one very fast processor does better than a couple of slightly slower CPUs, and would you really need SMP for a DNS server?).

german 02-15-2004 08:55 PM

OpenBSD. Easy and fast if you aren't scared of writing master zone records by hand.

B.

freelinuxcpp 02-16-2004 06:02 AM

Well, first, thanks for the replies.
I guess I'll use Debian or OpenBSD. Debian by default installs very few packages when we specify a basic installation, and its bind9 seems to perform as well as any other Linux distro's.
I have a Compaq ML370 machine; I don't know if it is compatible with OpenBSD. In the end I have to test it first. I'm also thinking of writing a script to add and remove zones automatically!
By the way, I'm not scared of that :D
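
Added example, not part of any post in this thread: one way the zone add/remove script mentioned in the last post could handle its input safely on an exposed BIND server. The one-zone-per-line include file, the `master/<zone>.zone` path pattern and all function names are assumptions made for this sketch.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_zone(name: str) -> str:
    """Return the lower-cased zone name or raise ValueError.

    Anything outside plain DNS labels is refused, so a name can never carry
    quotes, braces, semicolons, slashes or newlines into the config file or
    into the zone file path.
    """
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError(f"invalid zone name: {name!r}")
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"invalid zone name: {name!r}")
    return name

def stanza(name: str) -> str:
    # Assumed layout: one zone per line, zone files under master/.
    return f'zone "{name}" {{ type master; file "master/{name}.zone"; }};'

def add_zone(conf: str, name: str) -> str:
    """Return conf with a master-zone line for name (no-op if present)."""
    line = stanza(normalize_zone(name))
    lines = conf.splitlines()
    if line not in lines:
        lines.append(line)
    return "\n".join(lines) + "\n"

def remove_zone(conf: str, name: str) -> str:
    """Return conf without the line for name; other lines are untouched."""
    line = stanza(normalize_zone(name))
    kept = [l for l in conf.splitlines() if l != line]
    return "\n".join(kept) + "\n" if kept else ""

def write_atomic(path: str, text: str) -> None:
    """Replace path in one step so named never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # assumed: named runs as another user and must read it
    os.replace(tmp, path)
```

Running BIND's `named-checkconf` on the result before reloading the server catches anything the script itself does not validate.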


All times are GMT -5.