[blfs-support] Good DNS server for personal and home use?

Aleksandar Kuktin akuktin at gmail.com
Fri Jul 6 15:41:53 PDT 2012


> On Thu, 05 Jul 2012 18:02:47 -0500
> Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
>
> Aleksandar Kuktin wrote:
> > Hi guys!
> >
> > I have a question. I want to have my own DNS server. The main reason
> > for this is to increase fault tolerance of my computer, make
> > browsing the Web and Internet faster and more enjoyable and have a
> > local mirror of as much of the Internet as possible.
> >
> > But I am lost as to what DNS server I should put.
> >
> > For now, I want to run the server on my computer, serving only my
> > computer. I will firewall it from the rest of the world. Later,
> > when I move to my own place, I want it to run on a dedicated
> > "master of the network" machine, serving the whole home.
> >
> > I was originally going to go with BIND, but I have cold feet now
> > because of its many security holes, the ones they still keep
> > discovering all the time.
> 
> Which ones are those?  I don't follow it closely any more, but bind-9 
> has been pretty good AFAIK.  The older versions (5, 8) did have a 
> reputation for problems, but I think 9 is OK.

Okay, I let it slip here. I am subscribed to an aggregator of several
distro security maillists and a few weeks ago there were a lot of
fixes for BIND 9 coming in from there. Not that I actually took the
time to look them over; they turned out to be a crash on a zero-length
RDATA field and a defect in the DNS protocol. I do not consider crashes
(Denials of Service) to be real security problems and the other one is
not specific to BIND.

I have also read that BIND 9 is secure, but am sometimes (all the time)
paranoid.

> > Also, I would kind of like to avoid reading a huge manual to
> > set it up in a simple environment like this.
> 
> Use the instructions in the bind configuration section of the book.
> As far as bind goes, just make sure it uses udp and not tcp.  The
> problems in the past have been with regard to zone transfers, but
> those only occur with tcp.
> 
> Another reference that looks OK is 
> http://en.gentoo-wiki.com/wiki/HOWTO_Setup_a_DNS_Server_with_BIND
> 
> On the other hand, using something without reading a huge manual can
> be a problem.  You need to know what you are doing when working with
> low level internet protocols.
> 
>    -- Bruce

Well, I made BIND run. Ended up reading most of the big fat manual so
no time and effort savings there. But I had a lot of fun setting up my
own top-level domain. :) Unfortunately, I only have one machine so all
domains resolve to 127.0.0.1.

The performance increase is admirable and about what I expected.

However, I do have a problem with the perishable cache. One of the
alternatives, pdnsd, writes its cache to disk on shutdown and re-reads
it on startup. This enables it to carry the cache over the power
cycle, a feature I would like to have.

Is there a way to make BIND do the same? I went over the configuration
options in BIND Administrator Reference Manual but found nothing. Maybe
there is something in the source tree? I should probably look there
too.

-- 
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped
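For reference, a minimal caching-only named.conf for the single-host setup discussed above, added here as an illustration (it is not from the list post, the BLFS book, or BIND's shipped sample); the directory, file names and the loopback-only listen addresses are assumptions for this setup.

```conf
// Added example: caching-only resolver serving one host, with recursion
// and queries limited to loopback and zone transfers disabled outright.
// Paths and zone file names are assumptions; adjust to your installation.
options {
    directory "/var/named";
    pid-file  "/run/named.pid";

    // Listen only on loopback for now; add the LAN address later when
    // the box becomes the "master of the network".
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };

    // Recursion is the point of a caching resolver, but only for clients
    // we trust ("localhost" is a built-in ACL).
    recursion yes;
    allow-query     { localhost; };
    allow-recursion { localhost; };

    // Nobody may pull zones from this box (the zone-transfer exposure
    // mentioned in the thread); with no clients needing AXFR, deny all.
    allow-transfer { none; };

    // Validate upstream answers (needs a configured trust anchor).
    dnssec-validation auto;

    // Do not reveal the server version to CHAOS-class version queries.
    version "none";

    // Where "rndc dumpdb -cache" writes the in-memory cache for inspection.
    dump-file "/var/named/data/cache_dump.db";
};

// Root hints so recursion can start at the root servers.
zone "." IN {
    type hint;
    file "root.hint";
};

// Forward and reverse loopback zones so lookups for localhost stay local.
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    allow-update { none; };
};
```

The root hints and the two loopback zone files still have to exist under `directory` for this to load. On the cache question: `rndc dumpdb -cache` writes the running cache to `dump-file` so it can be inspected, but named does not read that file back at startup, so it does not give the pdnsd-style persistence across a power cycle.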


