[Cialug] network solutions

[Daniel A. Ramaley]

On 2013-07-18 at 10:55:17, L. V. Lammert wrote:
>We have been using BuddyNS for our SLUUG domains, .. for home use,
>something like no-ip might be appropriate.

BuddyNS looks interesting; i hadn't heard of that one. I like the 
$2/month--that's pleasantly cheap. At work we have 2 public DNS servers 
on site, plus a Linode, plus DtDNS. I might recommend switching the 
DtDNS over to BuddyNS though.

>bind has been used for what, 30 years? Not overkill, .. it just works.
>It also runs chroot'd on the appropriate OS (e.g. OpenBSD), which
>adds a very important layer of security. Of course, that assumes you
>have a static IP.

You imply that it is possible to *not* have a static IP? What kind of 
half-baked internet service would that be? Does not compute.  :)

Red Hat Linux also used to chroot their bind. In RHEL 6 they started 
making it slightly more difficult to chroot because they are trying to 
promote SE Linux instead. Generally i think the purpose of SE Linux (and 
having it enabled by default, ala RHEL) is to give novice sysadmins 
practice figuring out how to turn something off, but running SE Linux on 
something as simple as a DNS server really isn't that problematic.

At home i run OpenBSD and do appreciate all the attention that has been 
given to the default configuration with respect to security. Wish we 
could use it more at work, but we're a Red Hat shop.
__
Daniel A. Ramaley
Network Engineer 2

Dial Center 112, Drake University
2407 Carpenter Ave / Des Moines IA 50311 USA
Tel: +1 515 271-4540
Fax: +1 515 271-1938
E-mail: daniel.ramaley at drake.edu