list-freebsd-2004 at morbius.sent.com
Sat Apr 1 14:11:18 BST 2006
On Friday 31 March 2006 17:24, James wrote:
> >>This is a caching only box as all his major DNS information is held by
> >>his ISP. He has been having alot of problem with his caching name
> >>server and wants to move to a Freebsd box.
> >>Can anyone suggest a good safe way to carry this type of carrying out
> >>this operation? I was thinking along the lines of a Freebsd box with
> >>djbdns as a caching name server. Would that be safe and secure for him
> >>to use?
> >Why not just use bind? It works pretty well "out of the box" on FreeBSD.
> > It
> would also be able to handle any DNS
> >needed for an internal intranet and/or dynamic DNS updates from windows
> I'm in agreement on that, not to mention that bind is easy to setup and
Bind is easy to setup as a cache because of it's rc.d support, djbdns dnscache
is not much harder though, and I like it's modularity, you are just running a
pure cache. The only problem I've had is that until local packages are
properly integrated into RCng (6.1 ?) it starts after system services. I just
add an ISP server to resolv.conf for ntpdate etc.
Personally, the main reason I switched to doing my own lookups in the first
place was a series of cache-poisoning attacks against ISPs running BIND.
Try googling "advisory djbdns or bind", to get a feel for the security
More information about the Ukfreebsd