[WBEL-users] Recommendation for BIND only distro?
erik at cpsc.ucalgary.ca
Wed May 25 11:48:20 CDT 2005
I'd go with your first idea. Reasons:
1) Running fewer distros helps toward standardisation of your environment.
2) Basically all you'd need is bind, an editor, and an update agent.
3) Stop all other services on that machine (portmap, etc), and you've
already gone a long way to protecting that machine.
Bob Ramstad wrote:
> I'm sure some of the other good sysadmin type folks here have run into this...
> We have a need to bring up a very very limited role server for taking
> care of external DNS requests. This will be the only public service
> at our location.
> My initial thought was to do a WBEL3 minimal install, then add BIND,
> and go from there. (When all you have is a hammer, everything looks
> like a nail...)
> It then occurred to me that it would be more secure to build the
> machine in a way that it could be totally burned down, hacked, and
> whatnot with the only downside being loss of the service.
> It then occurred to me that there have to be some distros out there
> that are meant for this kind of purpose, and sure enough, there's an
> embarassment of riches out there... hard to choose one.
> Anyone care to offer an opinion as to which approach makes more sense
> to them (WBEL3 minimal install OR dedicated router / firewall / BIND
> type distro) and if the latter, recommend one of the many distros out
> Anyone out there running a Linux box from read only media, like
> CD-ROM, for firewall / routing / BIND?
> -- Bob
> Whitebox-users mailing list
> Whitebox-users at beau.org
e r i k w i l l i a m s o n erik at cpsc.ucalgary.ca
system admin . department of computer science . university of calgary
More information about the Whitebox-users