Message-ID: 4991E3B7.6090503@andrei.myip.org
On: Tue, 10 Feb 2009 12:29:43 -0800, Florin Andrei florin@andrei.myip.org wrote:
Jake wrote:
We're about to start moving our public DNS to in-house managed servers. My first thought was "Linux + BIND" and we're done. Someone in another business unit's IT dept. has suggested tinydns be used.
But things have changed. Nowadays Bind is solid enough. If you're still worried about security issues (you shouldn't, but I'm assuming the paranoid scenario) then CentOS has a good SELinux policy around it, so just install the latest CentOS, keep SELinux enabled, do a "yum update" every once in a while, and be at peace. By the way, this is also the most sweat-free solution from a sysadmining perspective.
With one very large caveat.
Be aware that updating bind via yum can result in your existing bind configuration files being renamed to something.rpmsave and your name server left in a dysfunctional state. I suggest that you consider excluding bind from normal updates and only update it when you are ready and able to check for possible configuration issues.
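The post-update check suggested in the message above, as an added example that is not part of the original thread: it lists any configuration files rpm set aside and, if available, validates the live config with named-checkconf. The function names are hypothetical, and the directories in the usage comment assume a stock CentOS layout.

```shell
#!/bin/sh
# Added example, not from the original thread.
# To hold bind back from routine updates, yum.conf accepts:
#     [main]
#     exclude=bind*
# and a deliberate update can then be run with:
#     yum --disableexcludes=main update bind

# Print every *.rpmsave / *.rpmnew file under the given directories.
find_rpm_leftovers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name '*.rpmsave' -o -name '*.rpmnew' \) -print
    done
}

# Usage: check_bind_after_update CONF DIR...
# Returns 0 when no leftovers exist and the config (if present) validates,
# 1 otherwise. Example (assumed paths):
#     check_bind_after_update /etc/named.conf /etc /var/named
check_bind_after_update() {
    conf=$1
    shift
    status=0
    leftovers=$(find_rpm_leftovers "$@")
    if [ -n "$leftovers" ]; then
        echo "rpm set these files aside; compare them with the live config:" >&2
        echo "$leftovers" >&2
        status=1
    fi
    # named-checkconf -z also tries to load every master zone in the config.
    if [ -f "$conf" ] && command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -z "$conf" >/dev/null || status=1
    fi
    return $status
}
```

Run it right after a bind update and before restarting named, so a renamed named.conf is caught while the old process is still serving.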