LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-20-2009, 09:08 AM   #1
permalac
Member
 
Registered: Jul 2007
Location: Barcelona
Posts: 115

Rep: Reputation: 16
Best OS for a bind9 ?


Hello,

on our company we are going to install a bind9 dns servers.


There is any best operative system to run it?

I would have to be the maintainer, so I'm thinking about a cron job to update it, good backup system and nothing else. So i really don't care if the OS is new for me.


Many thanks.


Marc
 
Old 01-20-2009, 09:10 AM   #2
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
I would go for CentOS 5, its stable, proper packing and quite secure, but most of people will say Debian

So good luck!
 
Old 01-20-2009, 09:27 AM   #3
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by permalac View Post
There is any best operative system to run it?
I would suggest debian because you can strip it down to just what you need more easily than centos. Almost any server linux distribution will function here though, take the one you like the best and find the easiest to maintain. Just keep the desktop stuff off of it and you'll have no significant problems.

My personal top three choices would be Debian, Slackware, and CentOS.

Last edited by rweaver; 01-20-2009 at 09:29 AM.
 
Old 01-20-2009, 01:05 PM   #4
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
Thats crap, "You can strip down Debian", this actually means you don't know much about Linux or the other distro's.

Any distro can be done as the "admin" wants to. You just need to know how, also if you are a newbie then CentOS is more serious, most of Debian releases are unstable releases, insecure new packages which don't give a lot of sense for a serious server and lets not talk about a newbie, which can't maybe make the difference between them.

I'm using both of the distro, and have use more during time, at the moment CentOS is what means server, maybe some would say Suse, but in general CentOS is an enterprise OS.

Also if you want easy, try Ubuntu Server, Fedora, Mandriva, OpenSuse, but I do not recommend any of them, also neither Slackware, is superb but not for newbie.
 
Old 01-21-2009, 04:22 AM   #5
permalac
Member
 
Registered: Jul 2007
Location: Barcelona
Posts: 115

Original Poster
Rep: Reputation: 16
Thanks folks.

For me debian and centos makes no difference, i run both of them on production sites.

I was thinking about bsd or unix like, but if you say centos or debian, I'll go on debian.


Another question is: it's necessary to chroot the bind9 stuff?
I guess not, if i go with last stable version should be no problem, isn't it?
 
Old 01-21-2009, 10:38 AM   #6
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by robertjinx View Post
Thats crap, "You can strip down Debian", this actually means you don't know much about Linux or the other distro's.

Any distro can be done as the "admin" wants to. You just need to know how, also if you are a newbie then CentOS is more serious, most of Debian releases are unstable releases, insecure new packages which don't give a lot of sense for a serious server and lets not talk about a newbie, which can't maybe make the difference between them.

I'm using both of the distro, and have use more during time, at the moment CentOS is what means server, maybe some would say Suse, but in general CentOS is an enterprise OS.

Also if you want easy, try Ubuntu Server, Fedora, Mandriva, OpenSuse, but I do not recommend any of them, also neither Slackware, is superb but not for newbie.
Wow. I think that covers it. I don't even need to reply, you made it abundantly clear what your knowledge level is.
 
Old 01-21-2009, 10:49 AM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by permalac View Post
Thanks folks.

For me debian and centos makes no difference, i run both of them on production sites.

I was thinking about bsd or unix like, but if you say centos or debian, I'll go on debian.


Another question is: it's necessary to chroot the bind9 stuff?
I guess not, if i go with last stable version should be no problem, isn't it?
*BSD is not a bad choice at all and certain distributions definitely make a nod towards security in a more significant way than most linux distributions, but I really don't know your experience level with *nix is in general and based on my experience-- linux is a multitude easier to install and use, and more forgiving with hardware. The last time I installed bind9 from a package manager (centos5) I used the chrooted version and I would recommend you still chroot bind and avoid running it as root. I'm honestly not sure if the debian packaged version is chrooted by default or not as the last couple times I installed it on debian it was via source because I wanted a newer version than was available in stable (9.3.4). In general it hasn't had the security issues of previous versions of bind, but I still don't have a tremendous amount of trust for it.
 
Old 01-21-2009, 11:58 AM   #8
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
Thats funny, easy to judge, hard to give advice.

Good luck on your bind search
 
Old 01-21-2009, 05:26 PM   #9
permalac
Member
 
Registered: Jul 2007
Location: Barcelona
Posts: 115

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by rweaver View Post
*BSD is not a bad choice at all and certain distributions definitely make a nod towards security in a more significant way than most linux distributions, but I really don't know your experience level with *nix is in general and based on my experience-- linux is a multitude easier to install and use, and more forgiving with hardware. The last time I installed bind9 from a package manager (centos5) I used the chrooted version and I would recommend you still chroot bind and avoid running it as root. I'm honestly not sure if the debian packaged version is chrooted by default or not as the last couple times I installed it on debian it was via source because I wanted a newer version than was available in stable (9.3.4). In general it hasn't had the security issues of previous versions of bind, but I still don't have a tremendous amount of trust for it.
I have no knowledge of *nix, i've installed some versions on my laptod and computers but I never gone futher than that.

Thinking about by needs, I thought that install the base+bind + update each week it's not that hard. bind is just a txt file if i'm not wrong.

On the other side, you have done a point. I should look for the versions on each stable release. There is any site where I can compare a package version on many distributions?(google says no)
 
Old 01-21-2009, 05:27 PM   #10
permalac
Member
 
Registered: Jul 2007
Location: Barcelona
Posts: 115

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by robertjinx View Post
Thats funny, easy to judge, hard to give advice.

Good luck on your bind search
Don't take it too hard, but looks like you have had a bad experience with debian. Give it another chance.
 
Old 01-21-2009, 06:17 PM   #11
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,239

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
@Permalac: well, CENTOS is a free version of RHEL which is definitely production grade and updated regularly.
I'd go with that. Always gives you the option to easily convert over to RHEL if your management want paid support, even if its just for that warm fuzzy feeling.
 
Old 01-21-2009, 07:40 PM   #12
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
You might want to pick up a book on Linux Security and securing bastion servers. After striping out everything you don't need and maybe even rebuilding the kernel with fewer features and ideally even LKM support deselected, what you will end up with won't resemble the original distribution much. You will be stripping out may of the features that distinguish one distribution from the other. You are off to a good start by letting the DNS server server only one function. That makes it easier to strip it down, removing unneeded packages. This makes a server more secure because there is a smaller attack surface.

If you want SELinux security protection, then start with Fedora, RHEL, or Centos. If you want AppArmor instead, start with SuSE. You will still have the advantage of security patches being packaged and distributed by the distro, but your system may resemble an LFS or roll your own more than a work station installation of the same distro.

IMHO, if you already use a particular distribution, stick with it. That way, you already know how to administer it. There will just be less to administer without X or common apps and utilities installed.

Last edited by jschiwal; 01-21-2009 at 07:43 PM.
 
Old 01-21-2009, 07:50 PM   #13
r1d3r
Member
 
Registered: May 2008
Location: Glendale, CA
Distribution: ubuntu 12.04
Posts: 146

Rep: Reputation: 22
Talking

Quote:
Originally Posted by robertjinx View Post
Thats crap
Quote:
Originally Posted by robertjinx View Post
most of Debian releases are unstable releases, insecure new packages which don't give a lot of sense for a serious server.
Bind these !
 
Old 01-22-2009, 01:18 AM   #14
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 561

Rep: Reputation: 58
I don't hate Debian, or Debian based distro's. I just consider for a production environment we cant talk about distro's like Debian, Slackware and so on. To be honest my "true love " is Slackware, always was, but I am working in an enterprise environment and you cant play with Debian and Slack or whatever.

Myself I use all of them when I get the time to it, I have Ubuntu Desktop, Ubuntu Server, CentOS 5 32bit and 64bit, had Fedora, OpenSuSE, Desbian, Slack, but for me when it comes to servers, the best stable job is done by CentOS, when it comes to desktops Ubuntu or maybe Fedora or maybe Debian.

Dont understand me wrong, any of you, Im not say to "DO NOT USE DEBIAN", Im just saying depends on how serious is the server, that my point.
 
Old 01-22-2009, 08:08 AM   #15
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by permalac View Post
I have no knowledge of *nix, i've installed some versions on my laptod and computers but I never gone futher than that.

Thinking about by needs, I thought that install the base+bind + update each week it's not that hard. bind is just a txt file if i'm not wrong.

On the other side, you have done a point. I should look for the versions on each stable release. There is any site where I can compare a package version on many distributions?(google says no)
Yes, you can do at least some level of comparison at http://distrowatch.com/. (Select a distribution out of the list and most of the major ones will have all the major packages and what revision they're using, you can compare between them that way.)

Pretty much most of the players who are "server" grade are running 9.3.4 (with a variable patch level) right now. Debian, CentOS (RHEL), Novell, etc. If you goto more cutting edge distributions which aren't necessarily suited for server use in my opinion you start getting into much more updated versions... Arch 9.5.0P2, Gentoo 9.4.3p1, Fedora 10 9.5.1b2, etc.

If you have reason to need one of the newer revisions of bind you'll be compiling it on most server type distributions. Almost all the major distributions will roll out patches to fix any major security flaws between releases, but not for features. So unless you need a feature that's unavailable in the older version it shouldn't matter.

Last edited by rweaver; 01-22-2009 at 08:34 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
a little help with BIND9 rockmanchile Debian 3 05-22-2007 06:40 PM
Bind9.3 MX Help Fredstar Linux - Networking 1 04-15-2007 10:57 PM
Bind9 help!! Fredstar Linux - Newbie 10 08-30-2005 09:47 PM
Bind9 tandre Linux - Software 1 04-08-2003 09:29 AM
bind9 unixkid Linux - Networking 3 08-30-2002 02:43 AM


All times are GMT -5. The time now is 10:57 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration