[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Gary wrote: > > Now the problem is this ... the current Debian setup also has a BIND9 DNS > server set up on it (bad practice I know running a firewall and DNS server > on the same machine) and they want the replacement PC to have the same. I think time to exercise a little political muscle. If they want a locked down easy to manage firewall distro, then that is what they want, and they should move the DNS service elsewhere. I'd be wary of even trying to add something like BIND9 to a distro that didn't have it. Ubuntu didn't manage to supply me with a stable copy of BIND9, why do you think you'll succeed? Just stick a locked down firewall in a drop in configuration, and leave an old PC running Debian Sarge and BIND9 on the old IP address, would be my advice. Hey you probably already have such a PC up and running. Bad practice I know, but hell I have a firewall running BIND9, it doesn't worry me much give the recursive server is locked down tightly, the BIND 9 process runs chrooted, and the box is massively over specified, rock solid, and always on (at least when the Internet connection is working). It isn't protecting Fort Knox, and the majority of the browsers in use behind it scare me far more. - The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html