| 1 |
On Wed 17 August 2011 17:23:41 Michael Mol did opine thusly: |
| 2 |
> On Wed, Aug 17, 2011 at 4:56 PM, Grant <emailgrant@×××××.com> wrote: |
| 3 |
> > I currently use a free service to host the DNS records for my |
| 4 |
> > website, but I'm thinking of running a DNS server on the same |
| 5 |
> > machine that runs my website instead. Would that be fairly |
| 6 |
> > trivial to set up and maintain? If so, which package should I |
| 7 |
> > use? |
| 8 |
> |
| 9 |
> ISC bind is the de facto standard for DNS servers. I haven't |
| 10 |
> administered bind on Gentoo, but on Debian, most of the problems I |
| 11 |
> run into come from how Debian packages and updates configuration |
| 12 |
> files. |
| 13 |
> |
| 14 |
> I'm not running DNS servers in any major production capacity; I've |
| 15 |
> got a bind server at home linking my home domain and my employer's |
| 16 |
> work domain across a VPN, and updated dynamically via a dhcpd on |
| 17 |
> the same server. It's also serving as a caching recursive resolver |
| 18 |
> for my home network, which was *really* necessary when I was still |
| 19 |
> on AT&T. (The DSL link was dropping packets every now and again, |
| 20 |
> and it's a PITA when that happens to DNS queries) |
| 21 |
|
| 22 |
You're running an auth server and a cache on the same machine? |
| 23 |
|
| 24 |
At a minimum they should be on different interfaces and preferably in |
| 25 |
chroots. Otherwise all manner of $BAD_STUFF happens. |
| 26 |
|
| 27 |
I assume your home domain is small, in which case you'd probably get |
| 28 |
away with it. But still. |
| 29 |
|
| 30 |
> If you want to get into managing your own DNS, and if there was |
| 31 |
> anything in that previous sentence you're unfamiliar with, I highly |
| 32 |
> recommend O'Reilly's DNS & Bind: 5th Edition before you commit any |
| 33 |
> of your services to your own server. |
| 34 |
|
| 35 |
Excellent book, up there with Mastering Regular Expressions. |
| 36 |
|
| 37 |
The fellow who sits on the other side of the partition from me has |
| 38 |
that very edition - signed by Cricket. |
| 39 |
|
| 40 |
Lucky bastard. He won't even let me touch it, never mind read it. |
| 41 |
|
| 42 |
-- |
| 43 |
alan dot mckinnon at gmail dot com |
Archives