[NTLUG:Discuss] Linux DNS Server

David Stanaway david at stanaway.net
Wed Feb 4 16:18:27 CST 2004


On Tue, 2004-02-03 at 10:04, Jeff Demel wrote:
> > Why not just do a Debian/RH/Mandrake/whatever install, and select to 
> > install only the packages that you need?
> 
> For two reasons.  One, I've never seen an installer that did well with
> resolving dependencies once you start really narrowing down the install.
> And two, I was just hoping to find a pre-configured distro to simplify
> things.

All of my server installs use the Debian base, and I don't even touch
dselect, I just:

apt-get install ssh less host dnsutils and then whatever other services
I need on there.  In your case:
apt-get install bind9 vim (Or whatever editor you like for zone files)
and as suggested, if you like a web admin interface, then install webmin
and I think webmin-bind

It is pretty easy to install a bare bones Debian system, then it is a
matter of apt-cache searching the additional packages you want.

The advantage with this is Debian has a pretty good security
team/community and you can just apt-get update/upgrade your way to the
next stable release, and be fairly comfortable with the security.

You will probably want to purge the nfs packages which are part of the
base install, and maybe disable inetd also to reduce the network
fingerprint, and playing around with iptables would be a good idea, also
there are some other packages that would be a good idea also such as
bsign or some other tripwire-like app. And it is generally a good idea
to roll your own kernel with NIC drivers etc compiled into the kernel
and modules disabled.

If you go for some custom install image that just has bind and bind
admin packages, then you take on a little more responsibility in keeping
the system up to date with the latest security advisories. It is not
something I would do, but that is just my 2c.

-- 
David Stanaway <david at stanaway.net>
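
Added example, not part of the original message: one way to check the result of the hardening steps described above (purging the NFS packages, disabling inetd) by listing every network-reachable listener other than SSH and DNS. The allowlist, the function names and the sample `ss -H -tuln` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag listening sockets that a bare-bones BIND server should not expose.
# Input format is that of `ss -H -tuln` (no header, numeric, TCP+UDP listeners).

# Assumption: only SSH and DNS are meant to be reachable on this host.
ALLOWED="tcp/22 tcp/53 udp/53"

# Constructed sample: a fresh base install where portmap (111), NFS (2049)
# and an inetd built-in service (13, daytime) are still listening.
sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0      0          0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      10         0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128      127.0.0.1:953        0.0.0.0:*
tcp   LISTEN 0      64         0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:13         0.0.0.0:*
tcp   LISTEN 0      128           [::]:22            [::]:*
EOF
}

# Reads `ss -H -tuln` lines on stdin and prints "proto/port address" for
# every non-loopback listener that is not in the allowlist passed as $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)       # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
            # Loopback-only sockets (e.g. rndc on 127.0.0.1:953) are not
            # reachable from the network, so they are skipped.
            if (addr ~ /^127\./ || addr == "[::1]") next
            key = $1 "/" port
            if (!(key in ok)) print key, addr
        }'
}

# Stand-alone run against the constructed sample.
sample_ss_output | unexpected_listeners "$ALLOWED"
# On a live host: ss -H -tuln | unexpected_listeners "$ALLOWED"
```

Empty output means only the allowlisted services are exposed; anything printed is a candidate for purging, disabling or an iptables rule.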


