D&C GLug - Home Page


Re: [LUG] IPCOP & BIND

 

Gary wrote:
> 
> Now the problem is this ... the current Debian setup also has a BIND9 DNS
> server set up on it (bad practice I know running a firewall and DNS server
> on the same machine) and they want the replacement PC to have the same.

I think it's time to exercise a little political muscle.

If they want a locked down easy to manage firewall distro, then that is
what they want, and they should move the DNS service elsewhere.

I'd be wary of even trying to add something like BIND9 to a distro that
didn't have it. Ubuntu didn't manage to supply me with a stable copy of
BIND9, why do you think you'll succeed?

Just stick a locked down firewall in a drop in configuration, and leave
an old PC running Debian Sarge and BIND9 on the old IP address, would be
my advice. Hey you probably already have such a PC up and running.

Bad practice I know, but hell I have a firewall running BIND9, it
doesn't worry me much given the recursive server is locked down tightly,
the BIND 9 process runs chrooted, and the box is massively over
specified, rock solid, and always on (at least when the Internet
connection is working). It isn't protecting Fort Knox, and the majority
of the browsers in use behind it scare me far more.

-
The Mailing List for the Devon & Cornwall LUG