[CentOS] new CentOS 5 as DNS server

Ken Price kprice at nowyouknow.net
Fri Aug 3 13:46:49 UTC 2007


>> Well, if you are willing to look into BIND alternatives, please take a
>> look also at tinydns which is part of the djbdns package.
>>
>> Dead simple format for dns configuration and on-the-fly zone updating
>> are some of its features.
> Feizhou,
>
> I'm more than willing to look into alternatives, especially when
> recommended by those more knowledgeable than I (which is *most* of this
> list, I might add)
>
> So, thank you *very* much for that.  The machine is slated to go live
> this weekend so I've clearly got some reading and evaluating to do (on
> my testbed machine, of course).
>
> Thanks again...and again,
> ~Ray


I'm coming in late to this thread.  We too are a hosting provider  
(small time), hosting approximately 1600 live domains.

Not to say tinydns is a bad alternative, as it has its strengths, but
we moved away from [outgrew] it 2 years ago.

If you were already running Bind, CentOS 5 is a great platform.  I run  
a few multi-domain (3-10) slaves using a chrooted Bind for a couple  
offsite clients.  Fine for a small number of domains.  Short term, I'd
recommend just getting another Bind install up and running to fix your  
issue, THEN look at alternatives.

I've personally used PowerDNS, TinyDNS, MyDNS, nsd, Bind 8/9, and MS  
DNS.  PowerDNS is phenomenal.  Look into the proprietary  
"supermaster/superslave" functionality.  To manage the 1600+ domains,  
we have our primary server set up using a MySQL backend.  This allows
simple integration of our accounting and support systems.  The slaves  
are using sqlite3 backends.  One word of caution, while a "superslave"  
may automatically add a new domain, it will not remove domains deleted  
at the master.  I've solved this by removing all non NS/SOA records  
from that domain and updating the serial on the master - so changes  
propagate to slaves.  Then have a cronjob running that purges empty  
domains from the databases on the master and slaves.

Also, I've found the PowerDNS RPMs located at the EPEL repo to be
completely stable.  They even have the backends broken out separately.

Lastly, I don't know about you, but I hate giving shell access where  
it's not needed ... especially to support staff under a Tier3 level.   
So I use Pure-FTPD running virtual users and an FTPS (not SFTP)
client like lftp or filezilla for transfers.  If I need a higher level  
of security then I use rsync over SSH.

Forgive me for being so verbose. :-)

-ken
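
An added example, not part of the message above and not PowerDNS code: a sketch of the purge job described there (drop zones the master has stripped down to SOA/NS), run against SQLite. The table layout is a reduced form of PowerDNS's generic SQL tables and the function names are hypothetical; zones with no rows at all are skipped on the assumption that they are new zones still waiting for a first transfer.

```python
import sqlite3

# Reduced form of the PowerDNS generic SQL tables (assumed; real schema has more columns).
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, type TEXT NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
                      name TEXT, type TEXT, content TEXT);
"""

# A zone is "emptied" when it has an SOA (so it was transferred at least once)
# and nothing besides SOA/NS. Zones with no rows at all are left alone: they may
# be new zones still waiting for their first transfer.
EMPTIED_SQL = """
SELECT d.id, d.name FROM domains d
WHERE EXISTS (SELECT 1 FROM records r WHERE r.domain_id = d.id AND r.type = 'SOA')
  AND NOT EXISTS (SELECT 1 FROM records r
                  WHERE r.domain_id = d.id AND r.type NOT IN ('SOA', 'NS'))
ORDER BY d.name
"""

def emptied_domains(conn):
    """Return [(id, name)] of zones the master has stripped down to SOA/NS."""
    return conn.execute(EMPTIED_SQL).fetchall()

def purge_emptied(conn, dry_run=True):
    """Delete emptied zones in one transaction; return the names affected."""
    victims = emptied_domains(conn)
    if victims and not dry_run:
        with conn:  # commit on success, roll back on any error
            for dom_id, _name in victims:
                conn.execute("DELETE FROM records WHERE domain_id = ?", (dom_id,))
                conn.execute("DELETE FROM domains WHERE id = ?", (dom_id,))
    return [name for _id, name in victims]

def build_sample():
    """Constructed sample data: one live, one retired, one not-yet-transferred zone."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO domains (id, name, type) VALUES (?, ?, 'SLAVE')",
                     [(1, "live.example"), (2, "retired.example"), (3, "pending.example")])
    conn.executemany("INSERT INTO records (domain_id, name, type, content) VALUES (?, ?, ?, ?)", [
        (1, "live.example", "SOA", "ns1.live.example hostmaster.live.example 2007080301"),
        (1, "live.example", "NS", "ns1.live.example"),
        (1, "www.live.example", "A", "192.0.2.10"),
        (2, "retired.example", "SOA", "ns1.live.example hostmaster.live.example 2007080302"),
        (2, "retired.example", "NS", "ns1.live.example"),
    ])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_sample()
    print("would purge:", purge_emptied(db))
    print("purged:", purge_emptied(db, dry_run=False))
```

Run with dry_run=True first and compare the list against the zones actually retired on the master before letting a cron job delete anything.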