[blfs-support] Good DNS server for personal and home use?
akuktin at gmail.com
Fri Jul 6 15:41:53 PDT 2012
>On Thu, 05 Jul 2012 18:02:47 -0500
>Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
> Aleksandar Kuktin wrote:
> > Hi guys!
> > I have a question. I want to have my own DNS server. The main reason
> > for this is to increase fault tolerance of my computer, make
> > browsing the Web and Internet faster and more enjoyable and have a
> > local mirror of as much of the Internet as possible.
> > But I am lost as to what DNS server I should put.
> > For now, I want to run the server on my computer, serving only my
> > computer. I will firewall it from the rest of the world. Later,
> > when I move to my own place, I want it to run on a dedicated
> > "master of the network" machine, serving the whole home.
> > I was originally going to go with BIND, but I have cold feet now
> > because of its many security holes, the ones they still keep
> > discovering all the time.
> Which ones are those? I don't follow it closely any more, but bind-9
> has been pretty good AFAIK. The older versions (5, 8) did have a
> reputation for problems, but I think 9 is OK.
Okay, I let it slip here. I am subscribed to an aggregator of several
distro security mailing lists and a few weeks ago there were a lot of
fixes for BIND 9 coming in from there. Not that I actually took the
time to look them over, they turned out to be a crash on a zero-length
RDATA field and a defect in the DNS protocol. I do not consider crashes
(Denials of Service) to be real security problems and the other one is
not specific to BIND.
I have also read that BIND 9 is secure, but am sometimes (all the time)
> > Also, I would kind-of like to avoid reading a huge manual to
> > set it up in a simple environment like this.
> Use the instructions in the bind configuration section of the book.
> As far as bind goes, just make sure it uses udp and not tcp. The
> problems in the past have been with regard to zone transfers, but
> those only occur with tcp.
> Another reference that looks OK is
> On the other hand, using something without reading a huge manual can
> be a problem. You need to know what you are doing when working with
> low level internet protocols.
> -- Bruce
Well, I made BIND run. Ended up reading most of the big fat manual so
no time and effort savings there. But I had a lot of fun setting up my
own top-level domain. :) Unfortunately, I only have one machine so all
domains resolve to 127.0.0.1.
The performance increase is admirable and about what I expected.
However, I do have a problem with the perishable cache. One of the
alternatives, pdnsd, writes its cache to disk on shutdown and re-reads
it on startup. This enables it to carry the cache over the power
cycle, a feature I would like to have.
Is there a way to make BIND do the same? I went over the configuration
options in BIND Administrator Reference Manual but found nothing. Maybe
there is something in the source tree? I should probably look there
Fourth law of programming:
Anything that can go wrong wi
sendmail: segmentation violation - core dumped