DNS

RW list-freebsd-2004 at morbius.sent.com
Sat Apr 1 14:11:18 BST 2006


On Friday 31 March 2006 17:24, James wrote:
> >>This is a caching only box as all his major DNS information is held by
> >>his ISP.  He has been having a lot of problems with his caching name
> >>server and wants to move to a FreeBSD box.
> >>
> >>Can anyone suggest a good safe way of carrying out
> >>this operation?  I was thinking along the lines of a FreeBSD box with
> >>djbdns as a caching name server. Would that be safe and secure for him
> >>to use?
> >
> >Why not just use bind? It works pretty well "out of the box" on FreeBSD.
> >It would also be able to handle any DNS needed for an internal intranet
> >and/or dynamic DNS updates from Windows PCs.
> >
> >Chris.
>
> I'm in agreement on that, not to mention that bind is easy to set up and
> use.

Bind is easy to set up as a cache because of its rc.d support; djbdns dnscache
is not much harder though, and I like its modularity: you are just running a
pure cache. The only problem I've had is that until local packages are
properly integrated into RCng (6.1?) it starts after system services. I just
add an ISP server to resolv.conf for ntpdate etc.

Personally, the main reason I switched to doing my own lookups in the first
place was a series of cache-poisoning attacks against ISPs running BIND.
Try googling "advisory djbdns or bind", to get a feel for the security
position.



