bind9.8.1 concerns after replication to an Ubuntu 12.04 LTS host
Well, I told someone I would, so here it is.
My boss installed a server for a client on our grid and told me to replicate another bind9 host. Short version is I scp'd all the .hosts files over from the original server to the new one and bounced named. It seems to be doing the job. Those details are here... and now for the good stuff...

Boss's answers are in red. The only reply I personally have for "why x or y or z" is "because he's the Boss", so don't go there. :) Security above all else. He understands and shares my concerns, so if Security deems a change, things could be different.

Q: Any particular reason for choosing Ubuntu LTS?
A: Because it's an LTS

Q: Did you make it a minimal OS installation?
A: It's a standard install.

Q: Any particular reason for choosing ISC BIND (PowerDNS, MaraDNS, Unbound, etc.)?
A: Because it's Bind and it's well known and it's free and it's stable

Q: Why for deities' sake are your NS running Webmin? (You saw that question coming, right? ;-p) Of course
A: Because it's Webmin and it's well known and it's free and it's stable

Q: Do these machines have multiple Ethernet devices?
A: Yes. Two. eth0 is the public IP. eth1 is the non-routable IP and is used by our grid infrastructure. It should never be involved in any DNS for the domain.com.

Q: What tuning have you done so far? (Running iperf / Jperf is easy.)
A: I haven't done any myself.

Q: Same for hardening?
A: ssh-keys only!!!

Q: Are your NSes a mix of AWS instances and physical machines?
A: (You lost me on this one and I suppose some context is needed (by me) to understand the Q.) There is just the one physical machine on the new grid. ns1.dom.com is another physical host on another one of our grids. There are no AWS instances involved.

I suppose this new host to be an alternate nsN.domain.com for future use. I am guessing now that this host will become an Authoritative name server in the future...?

/etc/bind/named.conf.options:
Code:
options {
Code:
include "/etc/bind/named.conf.options";
Code:
forwarders {

I started with this... (getting started/recipe-type/howto...)

My references are:
BIND9ServerHowto
Secure-and-Reliable-Authoritative-DNS-with-BIND
Name_server (wikipedia)
and I signed up at https://kb.isc.org

If any further information is needed, fire away.

Thank you for your time.

JJ