[linux-sec-uk] djbdns / dns

Toby Bryans linux-sec-uk at mailman.lug.org.uk
Wed Aug 20 13:48:01 2003


On Wednesday 20 August 2003 12:40 pm, James Davis wrote:
> With the recent discussion of qmail/sendmail/... and an article on DNS
> posted to slashdot I'd be interested in experiences with djbdns,
> especially in comparison (security wise) with other DNS servers.

I run a couple of small DNS servers using tinydns and I have been very happy 
with them, both in terms of security and in terms of speed and manageability.
Yes, they do take a little while to set up, but it fits in very well with the 
way I run my servers anyway (using ofa) so it isn't a problem for me. I have 
the installation down pat now ;), and I find that once they are set they 
need virtually no maintenance and are very easy to script management tools 
for.

Once you get used to djb's way of doing things it is actually quite nice, I
promise ;).

> Has anyone suffered a serious threat to the security of their DNS setup?

Not yet...

Ah, here have an Intro as well :): I have been working as a Sysadmin for 5 
years now, mostly on Linux and Windows systems. A major part of my job has 
been security in the financial sector, originally for an ISV but now for a 
brokerage. I used to run RedHat, but I found that it has become unmanageable
from first install now, so am starting to roll out Gentoo servers which I
can keep track of (and keep minimal software on) a lot more easily.

-- 
T./ | Network Manager | Voltrex Options Ltd  | http://voltrex.com/