Linux·4,557 discussions

Solid DNS servers – Battle of the Distros

Locked

Yeah, yeah, yeah…. Linux is Linux is Linux. I know.

We are looking at replacing our DNS servers and upgrading to a more recent distro. We are currently running an ancient version of Slackware and Mandrake.

At the suggestion of one of the peers here, we will be tinkering with Fedora Core 3. We are not exactly ‘master’ Linux admins, so be kind.

Does anyone recommend a distro? What is the best revision of Bind?

We have heard solid review of both Debian and Slackware (although we are losing our faith in Slackware).

We have also been given reference to the Whitebox project, but I am more than hesitant at giving this one a shot.

I know – avoid x – well… I’m gonna need x. What are the security fallbacks after installing x but then not initializing x after configurations are complete?

I’m open to biased favorites and any brainstorming at all. Please advise.

Chris

Topic

I found the perfect article for you!

In reply to Solid DNS servers – Battle of the Distros

This took me three seconds to find using Google.

http://www.networkclue.com/internet/DNS/bind/

Yes the last / is in the URL address.

This tells about Fedora Core 3 BIND configuration.

Sarcasm

In reply to I found the perfect article for you!

…or maybe I didn’t word my post correctly… Thanks for the link…. I’ve been there…

I don’t know whether you’re mocking me in regards to google, or if you’re beeing serious. Of course I’ve done my research – I’m just interested in hearing some testimonials from our peers here on TR. I know everybody has their favorites.

Sorry

In reply to Sarcasm

I thought you wanted instructions.

lol – that’s how we talk here anyways

In reply to Sorry

Tutorial links are welcome, but I know a bit already. I was simply interested in the pros and cons of the various distros and the newer versions of bind – I can read all I want, but nothing compares to hands on experience when we get into small bugs and annoyances that are related to a practical implementation.

We already have *nix dns servers in place, so don’t worry about the [i]how to[/i]’s 🙂

Fedora 3 Recomended

In reply to Sarcasm

I like Fedora 3, I installed it to our church’s network and they have not had any issues comparing to Win2k. I love it and recommend it, hope this helps you out. Good luck.

Seems like

In reply to Fedora 3 Recomended

…our most realistic option at this point; I’ve heard several great reviews, I already have a background with RedHat distros, and I have the disks at work ready to go.

I’ve been quoted a few organizations with a very large web presence who have moved to FC3 since it’s release.

If by solid you mean stable…

In reply to Fedora 3 Recomended

You really should shy away from Fedora-anything.
Fedora is meant as a cutting-edge development platform and should not be counted on for stability.
Consider Red Hat enterprise 3.0 or Debian. If you’re really open minded I recommend FreeBSD for a really solid and stable product.
Anything older than bind 9.2.3 is going to be a problem since <=9.2.2 has security problems. Slackware, mandrake, fedora they all make me cringe 8)

Did you read the original post?

In reply to If by solid you mean stable…

First you’re absolutely right about running the most up to date version of BIND. It’s good advice for any software, particularly software that provides system services.

You may be right about Fedora. I thought that RH was using it as a free distro for home use.

However, when you recommended the other Unix variants you failed to take the requirement for ease of administration into account. The original post specifically asked for recommendations that are relatively easy to install and administer. The *BSD products are certainly well built. Many people also believe in the quality of Debian. But these are not easy to cut your teeth on so they do not meet the requirement of being easy to run.

re: Fedora

In reply to Did you read the original post?

Fedora is both the development testing platform for Red Hat and the “free home version” little brother of RHEL, and it is additionally the “community”-supported branching of the Red Hat line. Whereas Fedora has three testing standards of release stability, RHEL is all considered “stable”. One of those three Fedora standards is also a “stable” form, however, and that should be reasonably usable for production environments. You might be surprised by the major projects using Fedora, in fact.

All that aside, however, there have been some issues with some Fedora releases. For instance, Fedora Core 2 suffered substantially from issues involving GRUB and LVM (if I recall correctly) not playing well with each other (though Mandrake and SuSE releases, rounding out the major RPM-based distributions, suffered the same problems to some degree at about the same time). There have been other issues as well, which may or may not be relevant.

I don’t consider Fedora to be the stablest distribution, but it’s not the most unstable, either. In fact, it seems to be somewhat middle-of-the-road. Mandrake tends to be less stable and Debian more stable. Any distribution that focuses on a featureful, hefty desktop implementation tends to lean a bit toward the “unstable” side, in comparison to distros that default to minimal installs instead.

Well. I’m rambling.

Go with a BSD

In reply to If by solid you mean stable…

You can run a DNS server with a version of Linux, but DNS serving is the kind of stuff really handled well by the BSD’s. In particular, I’d go with OpenBSD. Now if you intend to run the system on the desktop, that’s an entirely different matter. Desktop Linux systems have it all over the BSD’s for hardware support, ease of installation and overall ease of use. Linux systems aren’t necessarily bad server systems, but OpenBSD has the best reputation of ANY network operating system, period.

Best for what?

In reply to Go with a BSD

You say OpenBSD has the “best reputation of ANY network operating system”. The best for what? Certainly not for ease of management. Not for availability of compatible software.

It does, however, have the best for security, and one of the best for stability. Because BIND was developed on *BSD, you can certainly expect that OpenBSD will work exceedingly well with it.

Once you start dealing with stable unices, however, many of the stability and performance differences become matters of mere degrees. OpenBSD may be slightly more secure in a slight majority of configurations than, say Debian, but there are tradeoffs. For my money, Debian is the winner in most cases. For yours, perhaps OpenBSD is. That’s entirely up to you.

Considering the original post was about something that would be easy to set up and administer, I think that what is probably wanted is something with an easy set of reliable, default, intuitive GUI tools. I wouldn’t recommend any of that for a dedicated server system, but if someone is hell-bent on running a GUI on a server I’ll recommend a distribution whose strengths are in GUI-managed servers.

If someone wants ease of management for a CLI-only server system, on the other hand, nothing beats Debian’s software management system, coupled with the breadth, depth, and stability of the apt archive system, along with the rapid and high-quality patch development for which Debian is famous.

OpenBSD can probably top Debian for security, stability, and reliability in many cases, but will require rather more micromanagement to keep it that way. For an enthusiast or a “practical paranoid” like the OpenBSD blowfish mascot and many of OpenBSD’s users, that’s fine. For someone that wants an easily-managed, high-performance, stable and secure server system, OpenBSD may not be the best choice. Throwing some relative newbie in the water with the sharks and the blowfish may not be the best option.

Simple Stable and Secure DNS

In reply to I found the perfect article for you!

I would recommend FreeBSD/OpenBSD with djbdns aka tinydns if you need a simple small and secure DNS system.

Well firstly avoid

In reply to Solid DNS servers – Battle of the Distros

Debian as it is not one of the friendlier choices available and while an excellent rock solid almost unbreakable platform it isn’t for the first timer either. Or for those with little experience, as you will never configure it correctly and will be spending far too much time with it to get it just right! 😉

For ease of install and great compatibility with Windows Domains I would not go past Knoppix and as it is one of the “Live” Versions you can test it on your hardware before installing it.

I’ve also heard some really good reports about Ubuntu and while I have a copy of the latest version here I have not as yet had a chance to play with it 🙁 so I have no personal experience with it.

For security I really can not recommend Snap Linux too much currently I have a computer loaded with it running its own little LAN and another computer constantly trying to break in. It’s been well over 7 weeks now without a single intrusion or any thing that even looks promising from a “Break It” point of view This is about the best one that I have ever used or maybe I’m just loosing my touch as I can normally break things fairly quickly but this one just doesn’t want to play nice at all.

It is just a plain install without any tweeking at all right at the moment and I can not break it yet, so God only knows just how good this will be when tweeked to make it fully secure. This one with its security app I would not hesitate to recommend to anyone wanting a gateway machine as it just seems unbreakable and I have installed the Security App on another machine and didn’t even try to break in when I saw what had been done to the system by the add on application. The guy who wrote this app is either a genius or a really evil SOD as it has some interesting things that happen when it is installed I really think it is a little of both as while it looks easy to break on the screen it just doesn’t work out that way. If I ever get the time I’ll have to have a look over the Source Code to see what he has done as it is very interesting. 🙂

I hope that is of some help to you.

Col ]:)

Thanks Colin

In reply to Well firstly avoid

I’m not a master, but I’m not really a linux newbie either (newbie enough to rely on x I guess). I’ve read some good things about Ubuntu, but haven’t spoken with anyone who’s even installed it.

I know about the SNAP project – I don’t think that this is what we’re looking for, then again I don’t know everything about it either. I thought that the project was essentially a secure communication protocol. Correct me if I am wrong

Chris from what I understand

In reply to Thanks Colin

The Snap Project was set up to run their Security Package but required some mods to the base script of Linux to work properly. The finial version of the Linux base is really rock solid and you do not need to install Trustifier or whatever it is called now. While nice it isn’t at all necessary and the whole thing works very well. It is one of the best and easiest ones that I’ve ever used.

It is somewhat better than Debian in some respects as well but of course doesn’t have the current support that things like SUSE and Mandrake do. Incidentally Mandrake 10 isn’t to bad either and SUSE with YAFS is really easy to use as well that file manager is one of the easiest that I’ve ever run across and makes SUSE stand out for that reason alone.

Red Hats offering is effectively a Beta offering for their commercial release and has some flaws built in which they will no doubt fix in the commercial version. Mandrake is now on some sought of stable commercial footing so you need not worry about them shutting up shop in the short term at least. SUSE with its very strong links with Novel is another good Distro with a solid footing and they all run RPM’s that have been developed from the old Red Hat Linux as apposed to what Debian uses which is somewhat more difficult to use for those not as experienced.

My problem is that when I started working with computers I was using Unix and it is all old news to me as this is what I learnt on and is how I expect computers to work in a far more logical manner than the Windows Boxes out there now.

I had some really massive problems when I was forced off the mainframes onto a PC and back in those days the really early versions of DOS God it was hard to come to terms with those commands as they just didn’t make any sense at first. I was given the very first MS DOS to play with and found it far to limited after playing on a Unix command line but after a short time I found DR DOS and it was much better so I started using that for everything that was DOS based. The really funny thing was I was working for a company that was so deeply in bed with MS and I didn’t have one MS program on my PC an old 286 from memory with all of 1 MEG of RAM and a few K’s of Video Memory. It was really hard to switch from Unix to DOS and every chance that I got I was back into the mainframes. Unix still makes more sense to me even today and even after far too long using all the versions of Windows I still find myself opening the command line in XP and typing in an old Unix command all too often but some of those commands make XP do funny things.

Just how big “In Processor Numbers” do you need to go? That alone will probably decide on what is the best product for you to work with. Also the other poster is quite correct with any version of Linux only install the minimum and add the rest latter as it is just easier that way and you can pick what you need as you go along but the really basics are KDS, Gnome, Samba and chose the “Server” install mode that way it is far easier to setup network connections or domains as required.

Col

I’ll try again

In reply to Solid DNS servers – Battle of the Distros

In addition to the good information provided by HAL 9000 I can say the following with confidence:

You mentioned considering Ubuntu Linux. That may not work for you since you are thinking of configuring a server. Ubuntu Linux = Debian-stable plus value added work to make it easy to install and use as a desktop distro. Since it uses Debian-stable as its base it is probably just as complicated to configure as a server as the regular Debian distro.

I have been using Novell SuSE Linux v9.x Professional for about a year. It has a lot of good stuff added to it that makes it easier to perform system administrator functions like configuring services. This distro has a system administration application called YaST2. It has both a console interface and an X interface. You can perform almost any system configuration task using it. It includes applets to configure DNS server as well as many other goodies like configuring encryption to access disk file systems. YaST2 takes all of the work out of finding what configuration file to edit, what the options are, what the file syntax is, and other learning curve stuff. You still have to understand what you are trying to accomplish. For instance in order to configure DNS server you still have to understand how DNS/BIND works. But, you don’t have to know where the DNS/BIND configuration files are in the system or how to edit them directly. YaST2 shows you your options. You make your choices. YaST2 then writes the configuration files using whatever syntax the files require without you having to worry about typing errors or whatever.

One word about installing Novell SuSE v9.x Professtional. During the initial installation DO NOT select every package to be installed. I tried that. It didn’t work. Just select the software that you believe that you will need.

Also, SuSE Linux is designed with the philosophy of being able to run any X application with any window manager. Therfore the SuSE installation installs KDE and Gnome, and configures KDE to the the default window manager. So when you are selecting packages to install you really want to include KDE and Gnome. Then when you are using the system you will probably want to use a more lightweight window manager like IceWM. That’s what I do. The KDE desktop takes forever to start. The IceWM desktop starts in a couple of seconds.

I find that I prefer to set the default run level of the system to 3. This means that you have a console log in rather than a graphical log in screen. When I log in I run the startx command. When I want to log on as another user I stop the X desktop to get back to the console interface, then I log off, and I log on as whatever other user account I want to use. This has several benefits. First, I removed the XDM startup from the boot scripts. This helps to increase security. XDM is used for graphical login to the system as well as desktop sharing and running X applications on a remote machine. I don’t do any of that so I don’t run XDM. Another benefit is that I can use the virtual consoles. When you are running Lnix at run level 3 you have several virtual consoles to use. These are accessed by pressing the ALT key plus one of the function keys. Console 1 is accessed by F1, console 2 is accessed by F2, etc. This is a good thing if you are installing a new X hardware driver. Of course you can always get from run level 5, graphical console mode, to run level 3, ncurses console mode, by opening an xterm as root and entering the init 3 command. But I prefer the console terminal mode, and I don’t have to use XDM.

Another note. The best terminal emulator software to use under SuSE Linux is gnome-terminal. The other xterm applications stink compared to gnome-terminal.

So for about US$90.00 you can get a distro that will be a great server and will provide GUI applets to configure your system.

I think it would be a good choice for you.

Thanks for the info

In reply to I’ll try again

1) retail packages had not even been considered – I will check that out for sure – I was refered to Suse before, but had totally forgotten about it when the time came to run the labs

2) I know how bind works

3) I’m a KDE fan myself… I find GNome a little bit on the ‘mickey mouse’ side, but the interface is not important in this case

lfs, blfs, hlfs

In reply to Solid DNS servers – Battle of the Distros

Linux from scratch, base system
Beyond lfs, extra tools sets
Hardened lfs, security tools

all with manuals to walk you through building a system from scratch, about 1 day for each at first.

benefit:
only the required software is installed, keeping system usage to minimum.
drawback:
you have to be fairly comfortable woth console to begin with.

give it about a month, mandrake with have released 10.2
( they are in beta 3, which usually becomes release version )
as much as you may dislike them, mandrake’s configuration tools with the 10 series of releases beat every other distro.
only caveat on the install with mandrake.
hit F1 and type expert.
this will allow you to remove those tools you don’t need/want far better than the default.

A month?

In reply to lfs, blfs, hlfs

Slackware needs a solid reboot at regular intervals right now… we need to roll out a replacement for that one asap.

Linux from scratch sounds fun though… he he he, I have a new hobby. Thanks.

Edit – I just grabbed the book… time to fuse some toner 😉

Edit#2 – duh… I think I need to eat something before I start reading this

it’s a fun

In reply to A month?

way to spend the day.

very clear cut instruction set.
( chapters 4 on are the real work. )

you could go download mdk cooker beta3 right now, but it may be buggy.
if released tuesday ( as usual ) it will overload the morrors for a month. so the wait is to get the crush finished with.

Sorry Jaqui

In reply to it’s a fun

Studying code is a FUN way to spend a day?

That’s just sad man!

You into horse racing at all? At least you can get outside and breath fresh air while socializing.

Hastings Park is opening up REALLY quick (April 16th) for the ’05 season, perhaps you should drag your butt across the Narrows and meet me one weekend, I am over for every other weekend of racing, at least. NO computer talk allowed though! None whatsoever, at all, not even THINK of penguins or windows. The only thing you are allowed to read is a racing form or the Gold cheat sheet. The only thing you are allowed to think about is ponies, beer and women. Married? Like I said, ponies, beer and women.

It sure as hell beats reading WORK though.

not the only one

In reply to Sorry Jaqui

Who has fun working an OS. 🙂

I need to take a breather though, and get back to more social things… even my tech buddies are at the point where they don’t care anymore.. too many projects and too many tools for this guy. Time to catch up with a few friends.

You’ll be alright

In reply to not the only one

May your god have mercy on your soul.

YES, DO….outside that is. I don’t have far to go now really, I can walk to the lake or the harbour and am surrounded by mountains. I just found I started pining for the outdoors one day, as I spent so much time camping when I was younger. By moving, I live in the mindset and tranquility I have always wanted, it’s like retirement without being retired. Now I enjoy visiting the Mainland again as I realized there were still things I enjoyed but now I don’t deal with the BS in between.

I have been infatuated with my work before. Sales turned into an infatuation with psychology, now THAT’S some pretty boring crap to be reading on a Saturday!

Now it’s silence whenever needed…(actually it really is right now, I’m just on my way home and the ferry ride is like taking valium). 🙂

my god

In reply to You’ll be alright

we don’t have ferry rides here, so that leaves only one option

everybody is wasted in this town

nope

In reply to Sorry Jaqui

not into racing, or any other sport.
don’t do booze.

I socialise all the time, in r/t over coffee, wandering along the street talking to the hundreds of people I see that I know.
helping to care for homeless people.

but fun is building os from scratch.
movies? not interested.
a game? not interested.
concert? to loud
bar? nope.
tie someone up and beat them.. okay ya caught my interest.
specially if the one tied up is my wife.

Now Jaqui you have been caught out

In reply to nope

Someone just might tell her what you have mentioned and you’ll be copping crap for weeks to come. 😉

I on the other hand just tell “She Who Must Be Obeyed” exactly what I think she wants to hear only embellished quite a lot so she never believes a single word that I say. Well at least on anything nontechnical. but what gets me into no end of trouble is others telling her things. My son recently rang her up and said I would be back there in a short time and only had 10 minutes of work to do when I got back so I would be home shortly. Well 4 hours latter and I still had not turned up she flew up me for telling her lies and I didn’t even know anything about it. 🙁

Col ]:)

hmm

In reply to Now Jaqui you have been caught out

I thought he was just being kinky. Go fig’.

kniky?

In reply to Now Jaqui you have been caught out

no, my wife actually likes getting tied up and beaten.

though safe,sane and concentual only naturally.

leave your shoes on

In reply to Now Jaqui you have been caught out

don’t worry about it ]:)

not shoes

In reply to Now Jaqui you have been caught out

it’s leave your hat on.
that’s the song.

a great west coast swing even.

but I prefer, leave the chains on.

Oh well it rang a cool tune for me anyway

In reply to Now Jaqui you have been caught out

Now I have ‘(Take These) Chains’ by Judas Priest in my head, time to throw on THAT disk now.

I move away it don’t do me no good
Three thousand miles don’t help like I thought it would
Help me, beggin’ you please
You got the power down on my knees
Give me some kind of life
Leave me be

Take these chains off
Take ’em off my heart

Reach out to me, as if from the grave
I tried to run but I’m tied to you like a slave
It’s my fault loving you so
You were so precious, how could I know
You turned mean overnight
Poor poor me

Take these chains off
Take ’em off my heart

I don’t owe you anything
Why don’t you get out of my life
Through it all the memories cling
And I can’t sleep at night

Help me I’m beggin’ you please
You’ve got the power, down on my knees
Give me some kind of life
Leave me be

Take these chains off
Take ’em off my heart

Chains?

In reply to Now Jaqui you have been caught out

I now know far, far more about Jaqui than I ever imagined I would, or wanted to know. Thanks.

OK that is ENOUGH

In reply to Now Jaqui you have been caught out

I’m sick and tied of constantly having old songs rolling around in my head that I can not shake off and you lot are doing it just to get to me I know! 😉

This was a thread about implementing Linux or some other OS into a business situation and you lot have hijacked the entire thread with song memorabilia. 🙁

Give poor House a chance to at least get some information that might help him out and keep those BLOODY SONGS to your selves! 😀

Col ]:)

Sorry Colin

In reply to Now Jaqui you have been caught out

How immature of me. :p

Actually House has had some really good info here I think and this is a bit of a segue, so it’s easy for him to follow the main discussion if needed.

And you know house by now, he’s a BIG house and can have a good bitch seesion if he needs to. I’m sure he would have NO problem setting people straight if needed.

Now, go back to your computer bits and remember, “Some times you gotta go where everybody knows your name. And they’re always glad you came….”

🙂

OZ you really can be a

In reply to Now Jaqui you have been caught out

Bar Steward when you want to be can’t you? 😉

Now I have another old song rolling around in my head earlier today I got some really strange looks as I was humming one of them while I was paying the insurance for the wifes car. They must have thought I really got my jollies paying over massive sums of money as I was humming such a nice little song while crying inside thinking about just how much work I had to do to pay for “She Who Must Be Obeyed” car insurance. 🙁

But on the bright side she did allow me to drive her car as she is claiming that there is something wrong with it and wants it fixed {Even more money :(} but she insisted that I drive it to find out what it was doing wrong. 😀 {Of course I’m still driving it trying to find the fault that she mentioned {it’s nothing more than a loose power searing belt but I’ll be able to stretch it out for a few days as I keep claiming that I can not find the problem.

Col ]:)

Don’t worry about Colin

In reply to Now Jaqui you have been caught out

He comes from the land down under
Where beer does flow and men chunder
He’d better run, he’d better take cover
’cause we’ll keep on singing from this Tundra

🙂

Yup, the time has come!

In reply to Now Jaqui you have been caught out

“The time has come
To say fair’s fair
To pay the rent
To pay our share
The time has come
A fact’s a fact
It belongs to them
Let’s give it back

How can we dance when our earth is turning
How do we sleep while our beds are burning
How can we dance when our earth is turning
How do we sleep while our beds are burning”

I suppose one would need to camp by a billabong to understand though.

“Once a jolly swagman camped by a billabong,
Under the shade of a Coolibah tree,
And he sang as he watched and waited till his billy boil,
You’ll come a Waltzing Matilda with me.

Waltzing Matilda, Waltzing Matilda,
You’ll come a Waltzing Matilda with me,
And he sang as he watched and waited till his billy boil
You’ll come a Waltzing Matilda with me.”

]:)

Midnight Oil???

In reply to Now Jaqui you have been caught out

I haven’t heard that in years… thanks… now I see what Colin’s talking about.

What is even worse about the Oil’s

In reply to Now Jaqui you have been caught out

Is that their lead singer in now a Federal Polly. 🙁

But at least having Peter Garret in Federal Politics should liven things up a bit. 😉

I’ll dig up the words to an old Redgum song just to screw with your minds a bit. 😀

It will prove interesting as you lot will never have heard of it. They couldn’t even release it as a single and could only perform it live because of the implications it involved. Something about how to rip off your credit card company. 😀 It goes for about 15 minutes so it was never considered as Commercial by brought the house down every time that they performed it.

Col ]:)

Redgum, that would be useless

In reply to Now Jaqui you have been caught out

The idea is to drone a STUPID song into someone’s head that they remember. This way it takes a DAMN good counter song to remove it from your head.

Offering lyrics we’ve never heard doesn’t exactly have the same effect though.

🙂

Normally I would agree with you OZ

In reply to Now Jaqui you have been caught out

But in this case you will be rolling around the floor laughing so much that you will never get any work done. 😀

Col ]:)

Our house , in the middle of a bind

In reply to Solid DNS servers – Battle of the Distros

Our house, said we don’t have to be kind,

Anyhow, you should know me by now, if it comes with a big red ‘N’ I like it.

Therefore having used Novell Desktops, XD2 Desktops and Suse (especially v.9.2 with KDE 3.3) I MUST recommend Suse. If you don’t have linux gurus on site, doesn’t matter. Any windoze user has NO problems with it at all.

Servers? Need I say it?
Novell Linux HELLLLLLOOOOOO!!

See to ME this is a REAL no brainer, but I’m a Novell fan, sure beats being a MS fan, well it’s easier to do anyway.
Suse 9.2 Professional.
http://www.novell.com/products/linuxprofessional/downloads/x11/

I know, I’m an out of the box guy. I also streamline business process and increase office efficiency, so I look for maintenance free options all the time.

If it plugs and plays, I don’t give two s***s what something else can be MADE to do. I have better things to do that sit and stare at a Linux server all day while tweaking configuring and securing a network. Shove it in, set it up and get back to work.

Good point

In reply to Our house , in the middle of a bind

I will be looking at Novell this year, but as I stated in a new year’s discussion, my work with Novell will be mostly lab based.

One of the owners knows his stuff pretty good when it comes to *nix. My experience has been with workstation use only (tiny bit of administration), with a bit of Apache knowledge as well. I’ve worked with Bind before too, so it’s not all that bad – it’s all logical with good reference.

I think we should move to FC3 for now though – for the sake of comfort, security, and ease of use. ‘Maintenance Free’ would be ideal… there’s no time to screw around anymore.

Thanks Oz

You didn’t mention …

In reply to Our house , in the middle of a bind

… that Novell SuSE Linux Professonal v9.x comes with Novell server and Novell client software, in addition to the other network stacks that the other distros have. This probably doesn’t apply to house but you could keep Novell network protocol alive via Novell SuSE Linux servers and clients.

That’s why I didn’t state it as a benfit

In reply to You didn’t mention …

I figured house isn’t too interested in a Netware shop at this time, which is fine but I am sure it would work far better than initially expected. It’s just one of those things that you have to have it to be able to appreciate it. Especially Novell Linux, that has got to be the best move I’ve seen from them in many years.

Yes… I know

In reply to You didn’t mention …

Unfortunately, this is for one of our backups/altermates on a “public” network, so it does not apply.

What would I know?

In reply to Solid DNS servers – Battle of the Distros

We had a FreeBSD DNS server that ran non-stop for 666 days. It was reporting a bad hard drive for months before we replaced it. Broke the ‘nix guys heart.

indeed

In reply to What would I know?

Same sh*t, different pile though. I’ve been reading up on a few BSDs… unfortunately, I’m running out of computers here. I can only run so many at once, though I’m hoping to play around with openBSD as opposed to ‘freeBSD’ in the near future.

some points to ponder

In reply to Solid DNS servers – Battle of the Distros

I’ve been swamped lately, so it took me a bit to get to this one. Mea culpa.

First of all, keep in mind that I haven’t ever actually [i]directly[/i] implemented DNS and BIND, though I’ve set up a couple of blackbox solutions running DNS and done other, similarly related, work. In any case, I don’t know much about the specific challenges you’ll face in implementing DNS and BIND for your organization, but I can offer some observations based on my theoretical understanding of the needs of such servers.

The first things you need to pay attention to in making this decision are your organization’s specific needs, ease of implementation, ease of configuration, and ease of software updating. Since you’re talking about running Linux, issues of security and stability are largely secondary, since in general Linux is a fairly secure and stable OS by default. Where that isn’t true for specific implementations in some really egregious fashion, however, it pays to take note.

That being the case:

I’ve seen notable references to SuSE/Novell, Ubuntu, Debian, Fedora, Mandrake, xBSD, Slackware, and Linux From Scratch (LFS).

SuSE rates extremely well in ease of implementation, reasonably well in ease of software updating, and doesn’t suffer terrible problems involving security and stability as a dedicated server system. Configuration is decent, and there are tools included by default that should help you with server configuration. Novell integrated networking software solutions are wholly superfluous for your purposes, however. DNS/BIND systems act as servers for [b]other computers[/b], not for application-level operations, and the Novell integrated networking solutions are geared toward users, not computers. The amount of resource overhead and interface abstraction involved in implementing the Novell-carryover solution(s) on top of the basic SuSE Linux OS would be quite counterproductive for a DNS/BIND server setup. Consider the merits of SuSE without Novell’s NetWare-derived solutions on top of it. Since SuSE has the above mentioned positive characteristics and includes the KDE GUI in a default install, and since it uses YaST2 to help with more fine-grained software management from the GUI when necessary (which is apparently quite important for your purposes), SuSE Linux is a good option. I’m sure its DNS/BIND implementation is solid though, as I’ve mentioned, I don’t have any experience with it. If you’re planning to just turn off X and never use it again after initial implementation and configuration, though, I’d choose something else, as the CLI system administration tools (primarily those related to software management) tend to suck on SuSE.

Ubuntu is, primarily, just Debian with a default GUI setup and some GUI-related user-friendliness integrated. I haven’t used it myself (yet), but my discussions with those who have, reading about it, and understanding of the principles addressed by Ubuntu (not to mention the reputation of its creators and maintainers) indicate to me that it is probably a superlative option for those who want something as plain-vanilla Debian as possible with the added value of a lot of attention to detail for the GUI. It is above described as being optimized for desktop use, but the beauty of optimizing Linux (particularly Debian, in my experience) for a particular purpose is that it’s trivial to use it for another purpose without any degradation in suitability for that other purpose. In other words, don’t let the “optimized for the desktop” idea scare you off: that doesn’t mean it’s de-optimized for DNS/BIND server use. In fact, the desktop orientation of Ubuntu without reduction in suitability for server uses should be a net gain for your organization, because of the requirement for GUI functionality. Ubuntu should be exceedingly good with ease of implementation, ease of configuration, and ease of software management and updating. It does default to Gnome, however, which is probably less than optimal for you (noting your preference for KDE). Stability and security should be rock solid, particularly considering the close relationship Ubuntu has with Debian Stable. In general, this is a good option to consider for your organization’s needs and personal preferences, along with SuSE.

Fedora is, according to Fedora users with whom I’ve spoken, not nearly as much a “beta test” of RHEL as people seem to think. Those Fedora devotees tend to be quite biased in favor of Fedora, though, so take that with a grain of salt. I’m working with Fedora exclusively at my datacenter job, but as the datacenter technician I pretty much only deal with the command line for minor, routine tasks, and with installation on very much homogenous hardware certified to be RH compatible, so my experience with Fedora is not terribly useful there. I do know that it has options for ease of implementation that should be easier than my favorite (Debian) for those used to the GUI, though it has some quirks for CLI use that require some experience to really get a handle on ’em. Ease of configuration is roughly equivalent to that of SuSE. Software management and updating will likely be marginally less easy at the GUI than with SuSE, though a lot easier at the CLI than SuSE’s CLI administration tools (SuSE really is not my favorite at the CLI by any means, and is very clunky to try to wrangle when you aren’t using the GUI tools). If you want to try to reach a compromise between GUI and CLI, you could definitely choose worse options than Fedora. Fedora can be slightly flaky in comparison to RHEL, in my experience, so it’s not realistically up to the RHEL standard, but if you can implement it successfully you should be able to make good use of it without major issue.

Avoid Mandrake like the plague for server purposes, if you don’t have any specific preference for it. Mandrake is the exception to the “you can optimize for one thing without losing suitability for another”, generally. In optimizing for end-user desktop performance and user-friendliness, some decisions have been made that make it suboptimal for server-only use. It is, of course, leagues better than Windows for such purposes, and is much closer in server suitability in most implementations to other unices than it is to Windows, but the worst of a good bunch is still not as good as something from the average-or-better range of that same good bunch. If you are comfortable with Mandrake, dislike all other distros, and generally just want to use it, it probably won’t hurt anything to do so, but all else being equal I recommend against Mandrake.

Slackware, when properly implemented and configured, is probably about the best server Linux in existence (not counting something even more bare-metal like LFS), right up to the point where you need to start doing any ongoing system administration. At that point, it becomes quite a pain in the arse because it just doesn’t include the same ease of maintenance as other distributions like Debian, RHEL/Fedora, and SuSE. It’s also not as easily implemented and configured for anyone that isn’t essentially a Linux god as the other major distributions. For any kind of corporate environment, I have to recommend against it for reasons that are essentially the diametrical opposite of those I recommend against Mandrake. These two distributions are extremes, where your needs will be closer to the middle. I’m not surprised you’ve run into issues with it, though the fault is not with Slackware so much as with the fact that the job of system administration on Slackware requires skillsets that just aren’t prevalent enough to expect it to be properly managed in a business environment, generally speaking.

Linux From Scratch is great if you want the extremely implementation-specific perfection of a system you built from component bits to do the job at hand. See Slackware re: system administration, though, and double the problem (at least). This is not something I’d use as a DNS/BIND server in a corporate environment if I had [b]any[/b] other option, I think. In fact, it might even be a toss-up between LFS and Windows, just because even if I know what I’m doing, I’ll eventually leave and someone else will have to maintain the system when I’m gone.

This leaves Debian (which you’ve already said you probably don’t want to use) and the BSDs. It has been suggested you use FreeBSD, but if you’re going to use a BSD, I recommend OpenBSD. It is widely regarded as “the” stable and secure x86-compatible OS, and if you’re going to deal with the less-user-friendly-than-Linux issues of BSD anyway, you might as well go with the more server-oriented BSD of the lot. Implementing DNS and BIND on OpenBSD should provide a rock solid, robust, simple solution for you, though you won’t have the same ease of system administration that you would with many Linux distributions.

Debian, meanwhile . . .

Obviously, Debian is my favorite. You already know this. This is, in large part, for three reasons:

1. It is very easy to maintain, with the best CLI implementation of software management tools available. This is very, very important for business production environment server systems.

2. It installs cleanly. Even when you tell Fedora to do a “minimal install” with no extra junk, it still installs about half again as much crap as Debian’s minimal install. Granted, it’s not as clean as LFS, but it’s comparable with Slackware in that regard (except that it includes the aforementioned software management system). This is, of course, quite important for server systems.

3. Security and stability are legendary in Linux circles. I don’t think any other distribution of Linux has people testing, cross-testing, compatibility testing, and otherwise beating the hell out of software to make sure it’ll work properly as thoroughly as Debian’s community does these things. As I said earlier, this isn’t quite as big a deal as other concerns when you choose a good Linux distribution at all, but it’s still one of the reasons I like Debian as much as I do.

That aside, you express concerns with Debian’s suitability to the needs of your organization. That’s a deal-breaker. If it doesn’t fit, don’t use it. Before discarding it as being difficult to configure, however, and going after a more kitchen-sink approach to Linux installation and configuration, you might want to take a look at the tasksel option for installing Debian on your system. Using tasksel during installation basically turns Debian into something of a kitchen-sink distro itself, though it still maintains some of its purity of installation in that it still tends to be less bloated and less unwieldy than some other kitchen-sink installations. I don’t have a whole lot of experience with tasksel managed implementations of Debian, though, so I can’t swear to its suitability much. I used tasksel to set up a desktop system for a friend a few days ago, and it is working beautifully, but one good experience for one end-user doesn’t mean much for your purposes.

In any case, whenever you read anyone’s recommendations about which distro to use, keep my short list of important considerations in mind and realize that many of the reasons people (myself included) might cite for choosing a particular distribution will be [b]entirely irrelevant[/b] for your purposes. Focus on what’s important for your needs, and feel free to disregard the rest.

mind if I print that?

In reply to some points to ponder

You’ve answered a few nagging questions that I’ve been facing over the past little while. You’ve laid out the spectrum that I’ve been looking for. Thanks.

Eventually, I will be the judge of my own OS, but for now, when it comes to *nix, I’m a little bit on the green side of things.

It’s funny that you mentiion openBSD when I have it sitting right beside me. Right now… we have one guy who can handle this stuff pretty good, myself who can handle it to a certain extent with solid reference (logic is my strength), and bunch of other folks whose strengths lie in other areas (windows, web-dev, SQL, oop, business strategy, advertising, accounting, etc). I often wonder what would happen if my buddy wasn’t around.

Thanks,
Chris

be my guest

In reply to mind if I print that?

Print if you like. Assume that, apart from where I quote others, my posts are released under CCD CopyWrite license, which basically means that it’s free for copying and distribution, but that derivative works must be released under CCD CopyWrite as well and due credit attribution must be given to the author. You’re quite welcome for the use you get from my ramblings, of course.

We’re all learning, and every time someone gives a thoughtful reply to the question “Which distro?” I get to learn something new. Best o’ luck in your endeavor.

named / bind

In reply to some points to ponder

http://www.tldp.org/LDP/nag2/x-087-2-resolv.named.html

tldp data from linux networking guide version 2
on configuring and using dns service through named ( bind ) in linux

tldp

In reply to named / bind

This site is full of useful stuff. I’ve been there a few times before, but I’ve never seen what you are linking me to right now. I’ll cheeck it out.

only reason I knew

In reply to tldp

that the dns/bind/named data was there,
I bought a hard copy of advanced reference 7th edition, which is network/system admin for linux..and the howtos.
basically the better part of half of tldp.

matter of taste

In reply to only reason I knew

I like the How To section as well… I tend to develop my sense of logic through practical use, so the in-depth guides are really not for me.

When it comes to a large book, I’d rather have a published text that I can hold in my hand and put on the shelf. I’ve recently run off an OpenBSD faq – I wonder when I’ll need to drop another $300 on toner.

tommorow?

In reply to matter of taste

when you finish downloading the pdf of the tldp site?

~lol~

I get 20,000 pages

In reply to tommorow?

And I still run out. Every once in a while, I’ll give it a kick and get another 1,000 or so.

The number one tech tool is the foot.

that’s one

In reply to tommorow?

heck of a printer.
what make model is it?

I use my hand, smack the system hard when it starts acting up, settles it right back down.

Printer Model…

In reply to tommorow?

LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK

Lexmark 1855 S-Series.

Price? free-ninety-nine.

A bit of bartering got me this baby. Toner’s expensive though… and I only have one tray for paper.

LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK

Bind 9

In reply to Solid DNS servers – Battle of the Distros

I would recommend using bind 9 on a *nix. It is fully featured.

9.2.3

In reply to Bind 9

Yes. Bind 9 is on the list in Fedora 3.

We are aware of a few differences.

In a Bind

In reply to Solid DNS servers – Battle of the Distros

I’ve really been impressed with the White box distro. A near exact copy of Redhat ES it is very stable. I’ve also run RH ES on about 30+ servers and I can tell no difference other then the branding.

Also consider an alternative to bind – http://tinydns.org/

Very stable, small and secure. Unlike Bind nobody has created a GUI to configure so be prepared to hit the CL.

W

[Author]

Replies