From: Pandu Poluan
To: gentoo-user@lists.gentoo.org
Date: Thu, 18 Aug 2011 07:35:03 +0700
Subject: Re: [gentoo-user] Running HTTP and DNS on same machine

Adding to success stories: I've deployed bind-9 on FreeBSD, Debian, and
Arch. The most trouble was with Debian, what with the 'compositing
trees' etc. The easiest was with FreeBSD.

All three DNS servers are now in their eighth month of production,
handling half of my company's NS needs.

It's really not difficult. Complex, yes, but not difficult. With the
help of http://www.zytrax.com/books/dns and the handbooks, I finished
the FreeBSD and Arch installations in one day. (The Debian took
another day of hair-pulling to understand HTF they put their
compositing files together).

One tip from me would be to prepare the DNS servers beforehand, test
them, *then* ask the registrar to transfer the domain name to you.
Like others have posted, most will require you to provide at least two
authoritative NS.

In my situation, I have 1 server in the cloud, and 2 servers in the
company (responding to DNS requests via 2 different ISPs). That said,
I might be installing a different NS for the 4th NS for diversity
(i.e., prevent a single attack from disabling all 4 NS servers).

Rgds,

On 2011-08-18, Paul Hartman wrote:
> On Wed, Aug 17, 2011 at 3:56 PM, Grant wrote:
>> I currently use a free service to host the DNS records for my website,
>> but I'm thinking of running a DNS server on the same machine that runs
>> my website instead.  Would that be fairly trivial to set up and
>> maintain?  If so, which package should I use?
>
> Just to counter all of the scary stories, I recently (within the past
> month or so) installed bind for the first time and set it up after a
> few days of googling around and reading docs. It seems to be working
> properly and securely, but I'd be lying if I said there wasn't a large
> amount of dumb luck, finger-crossing and hand-waving involved on my
> part to get it working. I have some familiarity with editing DNS zone
> files (on other people's servers) so I wasn't going into it completely
> blind.
>
> I don't know if I'd call it "fairly trivial", but with howto's and
> google at your fingertips you should be able to get it set up properly
> if you really want to.
>
> Usually the web-based DNS management by your domain name registrar or
> hosting provider are good enough for most "personal domain" kind of
> usage (like mine). In my case there was something that their web-based
> editor didn't support (TXT records on subdomains or something like
> that), and mostly because I just felt like trying to do it myself.
> Since they are my personal domains, nobody else will suffer if I break
> everything. Others are in the (lucky? not so lucky?) positions of
> administering systems where things actually have to work right the
> first time and all the time. :)
>
> --

--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/
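
One way to carry out the "test them, then ask the registrar" tip from the message above, as an added example that is not part of the original thread: ask each prospective name server directly for the zone's SOA record and confirm that at least two answer authoritatively with the same serial. The function names and the use of the AA flag and SOA serial as the readiness test are assumptions of this example.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """DNS query for <zone> SOA with RD=0, so only authoritative data comes back."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += n + 1

def parse_soa_reply(msg):
    """Extract the AA flag, RCODE and SOA serial from a raw DNS reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, serial = 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                          # SOA rdata: MNAME, RNAME, SERIAL...
            p = _skip_name(msg, _skip_name(msg, off))
            serial = struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return {"aa": bool(flags & 0x0400), "rcode": flags & 0x000F, "serial": serial}

def ask(server_ip, zone, timeout=3.0):
    """Send the SOA query straight to one name server over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server_ip, 53))
        return parse_soa_reply(s.recvfrom(4096)[0])

def ready_for_delegation(replies):
    """replies: {server: parsed reply}. Returns a list of problems (empty = ready)."""
    problems = []
    if len(replies) < 2:
        problems.append("fewer than two name servers answered")
    for server, r in replies.items():
        if r["rcode"] != 0 or not r["aa"] or r["serial"] is None:
            problems.append(f"{server}: not authoritative for the zone")
    if len({r["serial"] for r in replies.values()}) > 1:
        problems.append("SOA serials differ between servers")
    return problems
```

Collect the replies with `ask(ip, zone)` for each server's address and pass the resulting dict to `ready_for_delegation`; an empty list means every server is serving the same copy of the zone authoritatively.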