Subject: Re: [gentoo-user] DNS server packages
From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Date: Sun, 11 Oct 2015 09:35:39 +0200
Message-ID: <561A114B.9020701@gmail.com>

On 11/10/2015 04:13, James wrote:
> Howdy,
>
> So I now have (5) statics and a fiber feed, with lots of room to grow.
>
> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
> looking for a suggested list of packages to install with Bind, iptables and
> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> packages to operate securely?

auth or cache?

First of all, bind is a pain to use. Reason: it's actually a reference
implementation that as usual got forced into production use. It's slower
than it could be because it deals with every possible corner case per RFC.

As an auth server (few queries) it's OK.
As a cache (many queries), there are better servers out there. I prefer
unbound.

> Also, what is the (nominal) minimum amount of RAM needed to keep all routes
> in ram in these name servers?

I don't understand. DNS servers don't keep routes in memory - routers do
that. Perhaps you mean cached DNS records?

DNS is light on RAM, there are only so many records typical users will
look up. DNS caches not too long ago ran for years problem free with a
puny few hundred MB. It's not something to be worried about.

-- 
Alan McKinnon
alan.mckinnon@gmail.com