Alan McKinnon <alan.mckinnon <at> gmail.com> writes:

> > These are the (2) net facing primary and slave dns servers, just for the
> > few domain names I will authenticate. They'll be behind a firewall
> > (iptables/dmz) with no internal zone information. Strictly auth, public
> > facing, with DNSsec.
> Then you need your chosen name server (bind), your chosen fw ruleset
> generators (iptables, maybe some other front end) and maybe fail2ban or
> one of its friends if you find some port gets hammered.

fail2ban, an excellent additional package.

> How much ram do you think you need?

The idea is to minimize the ram footprint. -Os in the make.conf file
should keep things small, with little performance degradation. Profile::
[1] default/linux/amd64/13.0 *

Do you think I can keep the HD size (ide-CompactFlash) below 4 gig?
I did years ago on a gentoo firewall circa 2009. Tricks for OS size
minimization are the focus now.

> > Bind9, dnssec-tools, iptables:: any other packages relevant/germane
> > on an amd-default profile [1]?

> Yes, that's about it.
> Add in all the other usual server stuff you like to use - monitoring,
> logging, notifications, mail, whatever

mailx, another good idea.

OK, now a minimized set of flag settings for make.conf::
USE="-8 ncurses ssl crypt berkdb pam perl pcre python readline zlib bzip2
nptl syslog"

were the flags on that minimized gentoo (firewall) system; is further reducing
the global flags warranted?
Any suggestions on flag minimization?

with:: CFLAGS=" -march=native -Os -pipe"

I hope I can get the total size @ or below 3 GB, as I have several 4 GB CF
cards on hand; other suggestions?

James