My DNS server has been running Centos for some time.
I am in the process of upgrading it to Centos 5.5 (long overdue, I know).
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The thread DOES mention that some functionality has been backported by RH to what their 9.3.6.
I did find the following:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-d...
Is this the best path at this time? Can anyone point me to other documents?
I have a server that I can test this out and get everything ready before I upgrade my main Centos DNS server. This way I can get it right in one try (or that is the dream).
My DNS servers (master slave) already running on CentOS 5.5 both 64 and I'm using Bind 9.7.2p2 (now is latest version), I never use rpm package because is so old, I recomended to you for compile the latest version for more secure and more capability.
About DNSSEC I don't have experience because I'm not try yet :D, but my bos tell me if DNSSEC needed for more secure.
- -- Best regards, David http://blog.pnyet.web.id
On 11/10/2010 12:16 AM, Robert Moskowitz wrote:
My DNS server has been running Centos for some time.
I am in the process of upgrading it to Centos 5.5 (long overdue, I know).
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The thread DOES mention that some functionality has been backported by RH to what their 9.3.6.
I did find the following:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-d...
Is this the best path at this time? Can anyone point me to other documents?
I have a server that I can test this out and get everything ready before I upgrade my main Centos DNS server. This way I can get it right in one try (or that is the dream).
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
-- Russ herrold
On 11/09/2010 12:14 PM, R P Herrold wrote:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
On Tue, Nov 09, 2010 at 12:33:36PM -0600, Robert Moskowitz wrote:
On 11/09/2010 12:14 PM, R P Herrold wrote:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
I would just wait for CentOS 5.6 and sign later.
If you need to move forward more quickly, you might be able to rebuild the SRPM's from Fedora for CentOS without too much hassle.
Moving to Fedora 13/14 is fine as long as you're OK with the short lifecycles of the products.
Ray
On 11/9/2010 12:33 PM, Robert Moskowitz wrote:
On 11/09/2010 12:14 PM, R P Herrold wrote:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
Not sure how much fedora has diverged in recent revisions but it used to generally be straightforward to grab a fedora source rpm and build it under Centos.
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
The[y] just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
I inadvertently sent that under a @centos.org email address - that should have been from @owlriver -- sorry, as it was in no wise a statement from centos, and was my personal observation only
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
well, you get to keep all the pieces ;)
-- Russ herrold
Quoting R P Herrold herrold@owlriver.com:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
The[y] just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
I inadvertently sent that under a @centos.org email address - that should have been from @owlriver -- sorry, as it was in no wise a statement from centos, and was my personal observation only
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
well, you get to keep all the pieces ;)
You may be interested in the instructions for running DNSSEC under RHEL 6 (when available) that was presented by Red Hat training at the Red Hat Summit this year.
http://www.redhat.com/promo/summit/2010/presentations/taste_of_training/Summit_2010_DNSSEC.pdf
On 11/09/2010 01:57 PM, Barry Brimer wrote:
Quoting R P Herroldherrold@owlriver.com:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
The[y] just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
So is there a Centos 5.6 beta with bind 9.7 or should I switch to FC13/14? :)
I inadvertently sent that under a @centos.org email address - that should have been from @owlriver -- sorry, as it was in no wise a statement from centos, and was my personal observation only
And given that this system is pretty much ONLY a DNS server, is my 'risk' of using the beta minimal?
well, you get to keep all the pieces ;)
You may be interested in the instructions for running DNSSEC under RHEL 6 (when available) that was presented by Red Hat training at the Red Hat Summit this year.
http://www.redhat.com/promo/summit/2010/presentations/taste_of_training/Summit_2010_DNSSEC.pdf
This is VERY helpful. Thanks.
On Tue, 2010-11-09 at 13:14 -0500, R P Herrold wrote:
On Tue, 9 Nov 2010, Robert Moskowitz wrote:
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
The just announced customer only RHEL 5.6 beta notes: bind 9.7 - improved DNSsec support
-- Russ herrold
---- Did you give a kick at build try? targeting el5?
John
2010/11/9 Robert Moskowitz rgm@htt-consult.com:
My DNS server has been running Centos for some time.
I am in the process of upgrading it to Centos 5.5 (long overdue, I know).
Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7.
Hi Robert,
Take a look at here:
http://people.redhat.com/atkac/bind/5.6-test/ http://people.redhat.com/atkac/bind/5.6-test/bind97-9.7.0-1.P2.src.rpm
This is working fine with CentOS 5.5.
If you don't have enough time to compile it:
http://download.imt-systems.com/rhel5/bind/
Best regards,
Morten
-
Barry Brimer -
David S. -
JohnS -
Les Mikesell -
Morten P.D. Stevens -
R P Herrold -
R P Herrold -
Ray Van Dolson -
Robert Moskowitz