Quote:
Originally posted by danimalz
My question in a general sense is:
1) When should an admin install bind for local resolution, as opposed to simply using a reliable one nearby..?
Some reasons (non exhaustive list...) for which you may want to run a DNS server locally:
- You want to speed up name resolution on your local network using a caching DNS server
- You need to resolve names on your local network installed on a VPN (to access different web, ftp, ssh... servers).
Quote:
Originally posted by danimalz
Related questions are:
2) Are there any complications involved with running your own dns? It seems, from searching the net, that this is quite common and no big deal.
3) How difficult is it to maintain a dns server?
The answer to those two questions will greatly depend on the type of use you will make of your dns server. For a cache-only name server, in most cases, you just have to set it up, run it and forget about it. For local name resolution, you will have to configure/maintain one or several local master/slave zones, with a maintenance overhead depending on how often you have to change settings on those zones.
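As an added illustration (not part of this thread or of any poster's setup), here is a minimal BIND9 named.conf covering both cases above: a caching resolver that only answers recursive queries from the local network and the VPN, plus one local master zone. The address ranges, the zone name home.lan, the file paths and the secondary server address are all assumptions.

```conf
// /etc/named.conf (assumed path; adjust to your distribution)

// Hosts allowed to use this server as a recursive resolver.
// Anyone else is refused, so the server is not an open resolver.
acl "trusted" {
    127.0.0.1;
    192.168.1.0/24;    // assumed LAN range
    10.8.0.0/24;       // assumed VPN range
};

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.1; 10.8.0.1; };   // assumed addresses
    recursion yes;
    allow-recursion { trusted; };
    allow-query { trusted; };
    // Optional: forward to the "reliable one nearby" instead of
    // walking the root servers yourself.
    // forwarders { 192.0.2.53; };   // placeholder upstream address
};

// The "local name resolution" case: a master zone for local hosts.
// Zone transfers are limited to the secondary (slave) server.
zone "home.lan" IN {
    type master;
    file "home.lan.zone";             // zone data, maintained by hand
    allow-transfer { 10.8.0.2; };     // assumed secondary server
};
```

The zone file home.lan.zone is where the "adding new machines" overhead lives; `named-checkconf` and `named-checkzone home.lan /var/named/home.lan.zone` catch syntax errors before a reload.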
Quote:
Originally posted by danimalz
4) Is it always necessary to chroot BIND..?
No. Just decide to do it or not depending on your security requirements.
Quote:
Originally posted by danimalz
5) Are there any other gotchas (from you experienced guys..) related to this...?
I have run a local name server on my vpn for about 18 months for caching and local name resolution. Besides the work overhead to read the docs and learn DNS a little bit, configure my server and my local zone, and configure the different PCs on the network and the DHCP server in the beginning, I rarely touch the dns configuration except when adding new machines/domains or upgrading the server. I use bind9 on Fedora Core 4.