Old 03-11-2011, 02:45 PM   #1
gymiv@aol.com
Member
 
Registered: Oct 2010
Location: linwood, KS
Distribution: CentOS
Posts: 59

Rep: Reputation: 0
What distro to use for DNS


Can anybody tell me what is the best distro to use for building a DNS server? I have been playing around with CentOS 5.5 and have heard mixed results. Also I need to know how to download it. A lot of distros do not have ISOs, like OpenBSD, and I am confused on what exactly to download.
Thanks
 
Old 03-11-2011, 02:52 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
I can't think of any particular reason one distribution would be better than any other for serving DNS, nothing really distro-specific involved.

As for distributions without ISOs, you will have to clarify what you mean exactly. OpenBSD is not a Linux distribution, so that doesn't really apply. What other distributions have you not been able to download an ISO for?
 
1 members found this post helpful.
Old 03-11-2011, 02:54 PM   #3
jcalzare
Member
 
Registered: Aug 2009
Location: Chicago
Distribution: CentOS
Posts: 114

Rep: Reputation: 34
As the above poster said, the distro doesn't really matter for something like this. Use whatever has the package manager you are most comfortable with.
 
2 members found this post helpful.
Old 03-11-2011, 02:56 PM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Quote:
Originally Posted by gymiv@aol.com
Can anybody tell me what is the best distro to use for building a DNS server? I have been playing around with CentOS 5.5 and have heard mixed results. Also I need to know how to download it. A lot of distros do not have ISOs, like OpenBSD, and I am confused on what exactly to download.
Thanks
OpenBSD is secure, and I use it for DNS.

http://mirror.team-cymru.org/pub/Ope.../install48.iso

ISOs are made available by the OpenBSD team.
 
1 members found this post helpful.
Old 03-11-2011, 03:40 PM   #5
gymiv@aol.com
Member
 
Registered: Oct 2010
Location: linwood, KS
Distribution: CentOS
Posts: 59

Original Poster
Rep: Reputation: 0
I was told, no, harped on, not to use RHEL or CentOS by people on this forum because it is not secure enough for a DNS server in the DMZ. So being new to Linux, 12 years+ building Microsoft DNS, I started to get a little concerned. If OpenBSD is not Linux then what is it? Now I am completely confused. See this post http://www.linuxquestions.org/questi...d-conf-866277/. This was not the only one, just an example.

Last edited by gymiv@aol.com; 03-11-2011 at 03:44 PM.
 
Old 03-11-2011, 03:46 PM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
http://en.wikipedia.org/wiki/OpenBSD

Kind regards
 
1 members found this post helpful.
Old 03-11-2011, 03:51 PM   #7
gymiv@aol.com
Member
 
Registered: Oct 2010
Location: linwood, KS
Distribution: CentOS
Posts: 59

Original Poster
Rep: Reputation: 0
211m for the BSD download, is that correct? Not a very big OS. Which is fine, just wanted to make sure I wasn't missing anything.
 
Old 03-11-2011, 04:24 PM   #8
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
OpenBSD is...well, BSD. Completely separate OS from Linux.
 
Old 03-12-2011, 06:42 AM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by gymiv@aol.com
Can anybody tell me what is the best distro to use for building a DNS server?
Wrong question. You would have been starting from 'Which is the best DNS Server for my use case?'

Quote:
Originally Posted by MS3FGX
I can't think of any particular reason one distribution would be better than any other for serving DNS, nothing really distro-specific involved.
If you decide on something other than BIND, maybe if you chose something that was that bit more obscure, you might find that some distros have your choice of server in repos and others don't. That might be an argument. And, you wouldn't really want to choose a distro for which updates are not available for a reasonable period, because that would be unreasonable for any server. And I don't think that I would choose DSL or Puppy, although, being focussed on small size and use on old hardware, they would really be painfully eccentric choices for any server.


Quote:
Originally Posted by gymiv@aol.com
A lot of distros do not have ISOs, like OpenBSD, and I am confused on what exactly to download.
Thanks
I looked at http://www.openbsd.org/ftp.html, Argentina (because it was first, alphabetically) and i386 (lowest common denominator) and there was an ISO, even though it's not Linux. It's a BSD; no Linus Torvalds involved. But they are all Unix-style OSs, so it certainly wouldn't be a bad choice...as wouldn't be lots of others.

Quote:
I was told, No Harped on, not to use RHEL or CentOS by people on this forum because it is not secure enough...
Wow. I don't know what to do with that statement. So the OS used by the biggest players on the web isn't secure enough for your use? Well, it seems to me that two issues may have come up:
  • Maybe people in these other thread(s) came to the conclusion, rightly or wrongly, that you didn't know how to take an 'out of the box install' and turn it into something secure and keep it like that. You may have made comments that convinced them of that position.
  • Maybe they had really decided something about the rest of your network arch was exposing your DNS server (or the boxes using the DNS service) to undue risks.
(but, I'm only guessing). I really, really don't believe that RedHat, or a clone thereof, can't be made secure in normal circumstances and administered by a competent RH administrator, but maybe special considerations apply in this case.
 
1 members found this post helpful.
Old 03-12-2011, 03:16 PM   #10
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Gymiv, let's try to focus on facts and technical details that we can help you with.
I read the post you linked to and it looks like you received recommendations to use BSD and stay away from CentOS. Without specific facts addressing why, I would take these suggestions as personal preference and bias of the person making them. I agree with Salasi in that I can't see any reason to not use CentOS. If you are comfortable with that, then use it. Any of the main Linux distributions should be fine for servers. The majority of the (lack of) security considerations will come from what YOU add to them rather than the distribution itself. I personally use Ubuntu server edition and Slackware 13.1 for servers with BIND as the DNS package of choice. The other package I am familiar with is DNSMASQ, though I would recommend BIND.

Now, according to that thread, you had some problems with the configuration files. You received two suggestions in response: 1 - install the caching name server package, 2 - the documentation says that the configuration files had been misplaced and where to copy them from. Have you made any progress on this front?
 
1 members found this post helpful.
Old 03-13-2011, 12:10 AM   #11
gymiv@aol.com
Member
 
Registered: Oct 2010
Location: linwood, KS
Distribution: CentOS
Posts: 59

Original Poster
Rep: Reputation: 0
Yes, my concern was none of the config files were showing up where the howtos I was reading said they were supposed to. I found out that the CentOS package does not install them, by design. I was wondering at the time if the program was installing them properly; I now know it is installing properly. I have been building Microsoft DNS servers for 10+ years. Being somewhat new to Linux, and not having anyone I know to use as a reference point, I wanted to make sure why I was not seeing what the web was saying I should see. You now see my challenge and why I asked the question. This will be a production server and in my DMZ. I am doing the best I can with what I have.
 
Old 03-13-2011, 01:03 AM   #12
finsh
Member
 
Registered: Jan 2006
Posts: 162

Rep: Reputation: 16
You can use any Linux server you want, but search for an easier one, like SUSE server.

Use this link and enjoy


http://www.pcc-services.com/sles/dns.html

Last edited by finsh; 03-13-2011 at 01:04 AM.
 
1 members found this post helpful.
Old 03-13-2011, 05:04 AM   #13
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Being somewhat new to Linux, and not having anyone I know to use as a reference point, I wanted to make sure why I was not seeing what the web was saying I should see. You now see my challenge and why I asked the question.
This is a very wise course of action. Thank you for clarifying your situation in your last post as it helps to provide an on-target answer, which I will try to do below:

All Linux distributions use the Linux kernel at their core and most of them use the tool set, largely developed by GNU, that provides the basic commands and compilers that you work with. The distributions differ in how they optimize for certain features, such as size, performance, and appearance, and some have different philosophies regarding release cycles and updates. For example, Ubuntu, which is based upon Debian, is committed to a major release every six months while Debian itself follows a much slower release cycle. Servers are a little bit of a challenge in that you need to balance stability versus security from keeping things patched. Most distributions do make release updates in response to security issues. If you use a system like Ubuntu that automatically checks for updates you will get this as part of the update. If you choose one that does not, like Slackware, you will be responsible for learning (subscribe to an announcement list) about the updates and deciding to install them. My personal experience over the last few years has been that, even with a rapidly updated system like Ubuntu, the updates haven't caused problems. One of the more noticeable differences is in the package management. The two most common ones are the Debian style and the Red Hat style, though in most distributions tools take care of these for you. Similarly there are some differences in layout of configuration information, such as using the init.d versus the rc.d format for start-up applications. None of these things will really matter in terms of overall security; it is more a matter of familiarity and personal choice. Linux, as you may be noticing, is all about choice.

Now as far as the DNS server goes, as was previously mentioned, the primary DNS package is called Bind and I am pretty certain that the current release is still Bind9. It is a very feature-rich and high-performance package and it will serve your operations well. I am not familiar with Windows DNS, but I imagine that much of it is similar in terms of setting up zones with A, CNAME, MX, TXT records along with an SOA block. If so, you should have little to no trouble using it. The big thing to watch is that it is particular about the syntax and this includes white space (always watch tabs versus spaces).

In terms of security, you will want to watch the configuration to make sure that it doesn't release information that you don't want getting out. One of the big options to consider is the recursive capability. I personally run Bind on two public-facing servers and host 3 domains with it as well as having an internal-only domain with DHCP updates and automatic master-slave failover. I keep it set up so that externally, only the public-facing servers will resolve and the internal ones will return an error. From within the LAN, it is all identifiable.

By default, Linux only opens ports for processes that run. This makes it inherently more secure than a lot of other systems. All of them use iptables for the default firewall, which is compiled into the kernel. You can use iptables as a wrapper around your system to ensure that only the desired ports are opened. Each package or application you install will have its own needs as far as securing it and this is why we are saying that it involves more what you add to it, rather than the base distribution itself.

Hopefully the above answers some of your questions. If not, please respond and we can discuss the topics further.
 
1 members found this post helpful.
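One way to lay out the split described in the post above, where outside clients get only the public records and no recursion while LAN clients can resolve everything. This is an added example, not Noway2's configuration; the ACL range, zone name and file paths are placeholders.

```conf
// Constructed example in BIND 9 named.conf syntax.
// Every name, address and path below is a placeholder.

acl "lan" { 127.0.0.1; 192.168.10.0/24; };    // assumed internal range

options {
    directory "/var/named";       // assumed zone directory
    version "not disclosed";      // do not report the BIND version string
    allow-transfer { none; };     // no zone transfers unless a zone overrides this
    // Weak form to avoid on a public-facing server:
    //   recursion yes;  with no view or allow-recursion limit (an open resolver)
};

// Views are tried in order and the first match wins, so the
// narrower "internal" view must come before the catch-all.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                // LAN clients may resolve any name
    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // public and internal-only hosts
    };
};

view "external" {
    match-clients { any; };
    recursion no;                 // authoritative data only, nothing looked up on behalf of outsiders
    zone "example.com" {
        type master;
        file "external/example.com.zone";   // public hosts only
    };
};
```

Once any view is defined, every zone statement has to sit inside a view. `named-checkconf`, which ships with BIND, parses the file and reports syntax errors before named is restarted.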
Old 03-13-2011, 07:57 PM   #14
gymiv@aol.com
Member
 
Registered: Oct 2010
Location: linwood, KS
Distribution: CentOS
Posts: 59

Original Poster
Rep: Reputation: 0
Thank you for your explanation. The main thing I need is the understanding and locations of the config files. As far as services go, my understanding is the only one I need to be concerned with is named, got that one covered. You are correct, as far as I can tell setting up records, A, MX,..., is the same as Microsoft. I am trying to understand what all the main config files are and how they work together, so I can configure Bind correctly, test it and put it in production. The link from the post before yours is very informative but it is not tailored for CentOS 5.5. I want to make sure that when I set this up it works properly. I am using VMware viewer to stage test scenario systems. I can copy the core system and copy it back if I need to trash the test system. The production servers will be on servers, not virtual. I am currently using the GUI in CentOS to access the computer, being as I am still learning commands. I was also curious if there was a GUI for Bind and how to access it, as I do not see anything in the program list. This is not necessary but may make things easier.
 
Old 03-13-2011, 08:20 PM   #15
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
The vast majority of the configuration files will be located in the /etc directory. This will probably become the directory that you are most familiar with. Generally each application will have a directory with the application name and in that directory will be the primary configuration files. Unfortunately, Bind is usually the odd man out in this description. In addition to the configuration files in /etc, it is common to configure some run-time configuration files in a subdirectory of /var, which is used to hold information that changes, such as logs. This would be especially true if you use dynamic DNS updates, whereby your DHCP server will communicate with your DNS via a shared secret key system and automatically update the zones as dynamic hosts come and go. The real advantage of this is that it allows you to perform forward and reverse lookups of dynamic hosts and refer to machines by name regardless of what IP they get assigned. As far as setup of Bind, here is a link to a how-to document that I personally found to be helpful. Be sure to check the links in the upper right-hand corner as there are about 3-4 of them on DHCP and DNS.

Setting up your servers in VMware for testing should be a solid approach. You might even want to consider the advantages and disadvantages of doing so in production, or at least partially. I understand that some people virtualize server systems like DNS to facilitate changing them out without impacting the rest of the system.

Using the GUI is fine, especially if you are using it to learn your way around. Ultimately, I think you will find that the command line becomes your tool of choice. It is amazingly powerful, especially when one reaches the point where they begin to start combining commands to perform complex actions. The command line allows for a tremendous number of parameter switches to fine-tune the operation that would just be prohibitive in a GUI environment. There is a free PDF book titled GNU/Linux Basic here. It is an excellent book that is well written and easy to follow and has information that both a beginner and a moderately experienced user will find beneficial. I think you will find its treatment of the command line and directory structure layout quite beneficial.

Lastly, as far as GUI applications, you might want to look at Webmin. Like all tools, it has its pluses and minuses. I believe that it will allow you to configure Bind, but I am not 100% certain. You should check it out though and see if it helps.

Last edited by Noway2; 03-13-2011 at 08:22 PM. Reason: Missed FTA link
 
1 members found this post helpful.