LinuxQuestions.org


permalac 01-20-2009 09:08 AM

Best OS for a bind9 ?
 
Hello,

At our company we are going to install bind9 DNS servers.


Is there a best operating system to run it?

I would have to be the maintainer, so I'm thinking about a cron job to update it, a good backup system and nothing else. So I really don't care if the OS is new for me.


Many thanks.


Marc

robertjinx 01-20-2009 09:10 AM

I would go for CentOS 5, it's stable, proper packing and quite secure, but most people will say Debian :)

So good luck!

rweaver 01-20-2009 09:27 AM

Quote:

Originally Posted by permalac (Post 3415046)
Is there a best operating system to run it?

I would suggest Debian because you can strip it down to just what you need more easily than CentOS. Almost any server Linux distribution will function here though, take the one you like the best and find the easiest to maintain. Just keep the desktop stuff off of it and you'll have no significant problems.

My personal top three choices would be Debian, Slackware, and CentOS.

robertjinx 01-20-2009 01:05 PM

That's crap, "You can strip down Debian", this actually means you don't know much about Linux or the other distros.

Any distro can be done as the "admin" wants to. You just need to know how, also if you are a newbie then CentOS is more serious, most Debian releases are unstable releases, insecure new packages which don't make a lot of sense for a serious server and let's not talk about a newbie, who maybe can't tell the difference between them.

I'm using both of the distros, and have used more over time, at the moment CentOS is what means server, maybe some would say Suse, but in general CentOS is an enterprise OS.

Also if you want easy, try Ubuntu Server, Fedora, Mandriva, OpenSuse, but I do not recommend any of them, nor Slackware, which is superb but not for a newbie.

permalac 01-21-2009 04:22 AM

Thanks folks.

For me Debian and CentOS make no difference; I run both of them on production sites.

I was thinking about BSD or Unix-like, but if you say CentOS or Debian, I'll go with Debian.


Another question: is it necessary to chroot the bind9 stuff?
I guess not; if I go with the last stable version it should be no problem, shouldn't it?

rweaver 01-21-2009 10:38 AM

Quote:

Originally Posted by robertjinx (Post 3415252)
That's crap, "You can strip down Debian", this actually means you don't know much about Linux or the other distros.

Any distro can be done as the "admin" wants to. You just need to know how, also if you are a newbie then CentOS is more serious, most Debian releases are unstable releases, insecure new packages which don't make a lot of sense for a serious server and let's not talk about a newbie, who maybe can't tell the difference between them.

I'm using both of the distros, and have used more over time, at the moment CentOS is what means server, maybe some would say Suse, but in general CentOS is an enterprise OS.

Also if you want easy, try Ubuntu Server, Fedora, Mandriva, OpenSuse, but I do not recommend any of them, nor Slackware, which is superb but not for a newbie.

Wow. I think that covers it. I don't even need to reply, you made it abundantly clear what your knowledge level is.

rweaver 01-21-2009 10:49 AM

Quote:

Originally Posted by permalac (Post 3415959)
Thanks folks.

For me Debian and CentOS make no difference; I run both of them on production sites.

I was thinking about BSD or Unix-like, but if you say CentOS or Debian, I'll go with Debian.


Another question: is it necessary to chroot the bind9 stuff?
I guess not; if I go with the last stable version it should be no problem, shouldn't it?

*BSD is not a bad choice at all and certain distributions definitely make a nod towards security in a more significant way than most Linux distributions, but I really don't know what your experience level with *nix is in general and, based on my experience, Linux is a multitude easier to install and use, and more forgiving with hardware. The last time I installed bind9 from a package manager (CentOS 5) I used the chrooted version and I would recommend you still chroot bind and avoid running it as root. I'm honestly not sure if the Debian packaged version is chrooted by default or not, as the last couple of times I installed it on Debian it was via source because I wanted a newer version than was available in stable (9.3.4). In general it hasn't had the security issues of previous versions of bind, but I still don't have a tremendous amount of trust for it.
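
An added example, not part of the original post: a shell check for the state recommended above, i.e. that a running named is chrooted and holds no root UID. It reads the Linux /proc/<pid> layout; the function names `check_confinement` and `audit_named` are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether a process is chrooted and non-root.
# check_confinement and audit_named are hypothetical names chosen for this example.

# check_confinement PROC_DIR
#   PROC_DIR is /proc/<pid>, or a constructed directory with the same layout.
#   Prints one line per check; returns 0 only if both checks pass.
check_confinement() {
    procdir=$1
    rc=0

    # "Uid:" in /proc/<pid>/status lists real, effective, saved and filesystem UIDs.
    uids=$(awk '/^Uid:/ { print $2, $3, $4, $5 }' "$procdir/status" 2>/dev/null) || uids=""
    case " $uids " in
        "  ")     echo "UNKNOWN: cannot read $procdir/status"; rc=1 ;;
        *" 0 "*)  echo "FAIL: at least one UID is 0 (uids: $uids)"; rc=1 ;;
        *)        echo "OK: non-root (uids: $uids)" ;;
    esac

    # /proc/<pid>/root is a symlink to the process's root directory; "/" means no chroot.
    # Reading it for another user's process requires root.
    root=$(readlink "$procdir/root" 2>/dev/null) || root=""
    case $root in
        "")  echo "UNKNOWN: cannot read $procdir/root (run as root)"; rc=1 ;;
        /)   echo "FAIL: not chrooted (root is /)"; rc=1 ;;
        *)   echo "OK: chrooted to $root" ;;
    esac
    return $rc
}

# audit_named: run the check against every running named process.
audit_named() {
    pids=$(pgrep -x named 2>/dev/null) || pids=""
    [ -n "$pids" ] || { echo "no named process found"; return 0; }
    status=0
    for pid in $pids; do
        echo "named pid $pid:"
        check_confinement "/proc/$pid" || status=1
    done
    return $status
}

# Live use on the DNS server: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then audit_named; fi
```

named reaches this state when it is started with `-u <user>` and `-t <directory>`. A process isolated by a mount namespace rather than chroot can also show `/` as its root, so a FAIL on the second check means "no chroot", not necessarily "no filesystem isolation".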

robertjinx 01-21-2009 11:58 AM

That's funny, easy to judge, hard to give advice.

Good luck on your bind search :)

permalac 01-21-2009 05:26 PM

Quote:

Originally Posted by rweaver (Post 3416274)
*BSD is not a bad choice at all and certain distributions definitely make a nod towards security in a more significant way than most Linux distributions, but I really don't know what your experience level with *nix is in general and, based on my experience, Linux is a multitude easier to install and use, and more forgiving with hardware. The last time I installed bind9 from a package manager (CentOS 5) I used the chrooted version and I would recommend you still chroot bind and avoid running it as root. I'm honestly not sure if the Debian packaged version is chrooted by default or not, as the last couple of times I installed it on Debian it was via source because I wanted a newer version than was available in stable (9.3.4). In general it hasn't had the security issues of previous versions of bind, but I still don't have a tremendous amount of trust for it.

I have no knowledge of *nix, I've installed some versions on my laptop and computers but I've never gone further than that.

Thinking about my needs, I thought that installing the base + bind + updating each week is not that hard. bind is just a txt file if I'm not wrong.

On the other hand, you have made a point. I should look for the versions on each stable release. Is there any site where I can compare a package version across many distributions? (Google says no)

permalac 01-21-2009 05:27 PM

Quote:

Originally Posted by robertjinx (Post 3416343)
That's funny, easy to judge, hard to give advice.

Good luck on your bind search :)

Don't take it too hard, but it looks like you have had a bad experience with Debian. ;) Give it another chance. :)

chrism01 01-21-2009 06:17 PM

@Permalac: well, CentOS is a free version of RHEL which is definitely production grade and updated regularly.
I'd go with that. Always gives you the option to easily convert over to RHEL if your management want paid support, even if it's just for that warm fuzzy feeling.

jschiwal 01-21-2009 07:40 PM

You might want to pick up a book on Linux Security and securing bastion servers. After stripping out everything you don't need and maybe even rebuilding the kernel with fewer features and ideally even LKM support deselected, what you will end up with won't resemble the original distribution much. You will be stripping out many of the features that distinguish one distribution from the other. You are off to a good start by letting the DNS server serve only one function. That makes it easier to strip it down, removing unneeded packages. This makes a server more secure because there is a smaller attack surface.

If you want SELinux security protection, then start with Fedora, RHEL, or CentOS. If you want AppArmor instead, start with SuSE. You will still have the advantage of security patches being packaged and distributed by the distro, but your system may resemble an LFS or roll your own more than a work station installation of the same distro.

IMHO, if you already use a particular distribution, stick with it. That way, you already know how to administer it. There will just be less to administer without X or common apps and utilities installed.

r1d3r 01-21-2009 07:50 PM

Quote:

Originally Posted by robertjinx (Post 3415252)
That's crap

Quote:

Originally Posted by robertjinx (Post 3415252)
most Debian releases are unstable releases, insecure new packages which don't make a lot of sense for a serious server.

Bind these !

robertjinx 01-22-2009 01:18 AM

I don't hate Debian, or Debian-based distros. I just consider that for a production environment we can't talk about distros like Debian, Slackware and so on. To be honest my "true love :)" is Slackware, always was, but I am working in an enterprise environment and you can't play with Debian and Slack or whatever.

Myself, I use all of them when I get the time for it, I have Ubuntu Desktop, Ubuntu Server, CentOS 5 32bit and 64bit, had Fedora, OpenSuSE, Debian, Slack, but for me when it comes to servers, the best stable job is done by CentOS, when it comes to desktops Ubuntu or maybe Fedora or maybe Debian.

Don't misunderstand me, any of you, I'm not saying "DO NOT USE DEBIAN", I'm just saying it depends on how serious the server is, that's my point.

rweaver 01-22-2009 08:08 AM

Quote:

Originally Posted by permalac (Post 3416706)
I have no knowledge of *nix, I've installed some versions on my laptop and computers but I've never gone further than that.

Thinking about my needs, I thought that installing the base + bind + updating each week is not that hard. bind is just a txt file if I'm not wrong.

On the other hand, you have made a point. I should look for the versions on each stable release. Is there any site where I can compare a package version across many distributions? (Google says no)

Yes, you can do at least some level of comparison at http://distrowatch.com/. (Select a distribution out of the list and most of the major ones will have all the major packages and what revision they're using, you can compare between them that way.)

Pretty much most of the players who are "server" grade are running 9.3.4 (with a variable patch level) right now. Debian, CentOS (RHEL), Novell, etc. If you go to more cutting-edge distributions, which aren't necessarily suited for server use in my opinion, you start getting into much more updated versions... Arch 9.5.0P2, Gentoo 9.4.3p1, Fedora 10 9.5.1b2, etc.

If you have reason to need one of the newer revisions of bind you'll be compiling it on most server type distributions. Almost all the major distributions will roll out patches to fix any major security flaws between releases, but not for features. So unless you need a feature that's unavailable in the older version it shouldn't matter.

