Best OS for a bind9 ?
Hello,
on our company we are going to install a bind9 dns servers. There is any best operative system to run it? I would have to be the maintainer, so I'm thinking about a cron job to update it, good backup system and nothing else. So i really don't care if the OS is new for me. Many thanks. Marc |
I would go for CentOS 5, its stable, proper packing and quite secure, but most of people will say Debian :)
So good luck! |
Quote:
My personal top three choices would be Debian, Slackware, and CentOS. |
Thats crap, "You can strip down Debian", this actually means you don't know much about Linux or the other distro's.
Any distro can be done as the "admin" wants to. You just need to know how, also if you are a newbie then CentOS is more serious, most of Debian releases are unstable releases, insecure new packages which don't give a lot of sense for a serious server and lets not talk about a newbie, which can't maybe make the difference between them. I'm using both of the distro, and have use more during time, at the moment CentOS is what means server, maybe some would say Suse, but in general CentOS is an enterprise OS. Also if you want easy, try Ubuntu Server, Fedora, Mandriva, OpenSuse, but I do not recommend any of them, also neither Slackware, is superb but not for newbie. |
Thanks folks.
For me debian and centos makes no difference, i run both of them on production sites. I was thinking about bsd or unix like, but if you say centos or debian, I'll go on debian. Another question is: it's necessary to chroot the bind9 stuff? I guess not, if i go with last stable version should be no problem, isn't it? |
Quote:
|
Quote:
|
Thats funny, easy to judge, hard to give advice.
Good luck on your bind search :) |
Quote:
Thinking about by needs, I thought that install the base+bind + update each week it's not that hard. bind is just a txt file if i'm not wrong. On the other side, you have done a point. I should look for the versions on each stable release. There is any site where I can compare a package version on many distributions?(google says no) |
Quote:
|
@Permalac: well, CENTOS is a free version of RHEL which is definitely production grade and updated regularly.
I'd go with that. Always gives you the option to easily convert over to RHEL if your management want paid support, even if its just for that warm fuzzy feeling. |
You might want to pick up a book on Linux Security and securing bastion servers. After striping out everything you don't need and maybe even rebuilding the kernel with fewer features and ideally even LKM support deselected, what you will end up with won't resemble the original distribution much. You will be stripping out may of the features that distinguish one distribution from the other. You are off to a good start by letting the DNS server server only one function. That makes it easier to strip it down, removing unneeded packages. This makes a server more secure because there is a smaller attack surface.
If you want SELinux security protection, then start with Fedora, RHEL, or Centos. If you want AppArmor instead, start with SuSE. You will still have the advantage of security patches being packaged and distributed by the distro, but your system may resemble an LFS or roll your own more than a work station installation of the same distro. IMHO, if you already use a particular distribution, stick with it. That way, you already know how to administer it. There will just be less to administer without X or common apps and utilities installed. |
Quote:
Quote:
|
I don't hate Debian, or Debian based distro's. I just consider for a production environment we cant talk about distro's like Debian, Slackware and so on. To be honest my "true love :)" is Slackware, always was, but I am working in an enterprise environment and you cant play with Debian and Slack or whatever.
Myself I use all of them when I get the time to it, I have Ubuntu Desktop, Ubuntu Server, CentOS 5 32bit and 64bit, had Fedora, OpenSuSE, Desbian, Slack, but for me when it comes to servers, the best stable job is done by CentOS, when it comes to desktops Ubuntu or maybe Fedora or maybe Debian. Dont understand me wrong, any of you, Im not say to "DO NOT USE DEBIAN", Im just saying depends on how serious is the server, that my point. |
Quote:
Pretty much most of the players who are "server" grade are running 9.3.4 (with a variable patch level) right now. Debian, CentOS (RHEL), Novell, etc. If you goto more cutting edge distributions which aren't necessarily suited for server use in my opinion you start getting into much more updated versions... Arch 9.5.0P2, Gentoo 9.4.3p1, Fedora 10 9.5.1b2, etc. If you have reason to need one of the newer revisions of bind you'll be compiling it on most server type distributions. Almost all the major distributions will roll out patches to fix any major security flaws between releases, but not for features. So unless you need a feature that's unavailable in the older version it shouldn't matter. |
All times are GMT -5. The time now is 05:42 PM. |