| 1 |
Alan McKinnon <alan.mckinnon <at> gmail.com> writes: |
| 2 |
|
| 3 |
|
| 4 |
> > These are the (2) net facing primary and slave dns servers, just for the |
| 5 |
> > few domain names I willauthenticate. They'll be behind a firewall |
| 6 |
> > (iptables/dmz) with no internal zone information. Strictly auth, public |
| 7 |
> > facing, with DNSsec. |
| 8 |
> Then you need your chosen name server (bind), your chosen fw ruleset |
| 9 |
> generators (iptables, maybe some other front end) and maybe fail2ban or |
| 10 |
> one of it's friends if you find some port gets hammered. |
| 11 |
|
| 12 |
fail2ban. an excellent additional package. |
| 13 |
|
| 14 |
> How much ram do you think you need? |
| 15 |
|
| 16 |
The idea is to minimize the ram footprint. -Os in the make.conf file |
| 17 |
should keep things small, with little performance degradation. Profile:: |
| 18 |
[1] default/linux/amd64/13.0 * |
| 19 |
|
| 20 |
Do you think I can keep the HD size (ide-CompactFlash) below 4 gig? |
| 21 |
I did years ago on a gentoo firewall circa 2009. Tricks for OS size |
| 22 |
minimization are the focus now. |
| 23 |
|
| 24 |
> > Bind9, dnssec-tools, iptables:: any other packages relevant/germane |
| 25 |
> > on a amd-default profile [1] ? |
| 26 |
|
| 27 |
> Yes, that's about it. |
| 28 |
> Add in all the other usual server stuff you like to use - monitoring, |
| 29 |
> logging, notifications, mail, whatever |
| 30 |
|
| 31 |
mailx, another good idea. |
| 32 |
|
| 33 |
OK, now a minimized set of flag setting for make.conf:: |
| 34 |
USE="-8 ncurses ssl crypt berkdb pam perl pcre python readline zlib bzip2 |
| 35 |
nptl syslog" |
| 36 |
|
| 37 |
|
| 38 |
were the flags on that minimzed gentoo (firewall) systems; further reducing |
| 39 |
the globals flag is warranted? |
| 40 |
Any suggestions on flag minimization? |
| 41 |
|
| 42 |
with:: CFLAGS=" -march=native -Os -pipe" |
| 43 |
|
| 44 |
I hope I can get the total size @ or below 3 GB, as I have several 4 GB CF |
| 45 |
cards on hand; other suggestions? |
| 46 |
|
| 47 |
|
| 48 |
James |
Archives