FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 11-09-2010, 04:45 PM
"David S."
 
Default Running a DNS signed zone on Centos 5.5

My DNS servers (master slave) already running on CentOS 5.5 both 64 and
I'm using Bind 9.7.2p2 (now is latest version), I never use rpm package
because is so old, I recomended to you for compile the latest version
for more secure and more capability.

About DNSSEC I don't have experience because I'm not try yet , but my
bos tell me if DNSSEC needed for more secure.

-
--
Best regards,
David
http://blog.pnyet.web.id


On 11/10/2010 12:16 AM, Robert Moskowitz wrote:
> My DNS server has been running Centos for some time.
>
> I am in the process of upgrading it to Centos 5.5 (long overdue, I know).
>
> Since we now have .com signed I want to get my domain signed as well,
> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
> list recommends against running a DNSSEC master zone on anything less
> than 9.6 and you really should be on 9.7.
>
> The thread DOES mention that some functionality has been backported by
> RH to what their 9.3.6.
>
> I did find the following:
>
> http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
>
> Is this the best path at this time? Can anyone point me to other documents?
>
> I have a server that I can test this out and get everything ready before
> I upgrade my main Centos DNS server. This way I can get it right in one
> try (or that is the dream).
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 05:14 PM
R P Herrold
 
Default Running a DNS signed zone on Centos 5.5

On Tue, 9 Nov 2010, Robert Moskowitz wrote:

> Since we now have .com signed I want to get my domain signed as well,
> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
> list recommends against running a DNSSEC master zone on anything less
> than 9.6 and you really should be on 9.7.

The just announced customer only RHEL 5.6 beta notes:
bind 9.7 - improved DNSsec support

-- Russ herrold
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 05:33 PM
Robert Moskowitz
 
Default Running a DNS signed zone on Centos 5.5

On 11/09/2010 12:14 PM, R P Herrold wrote:
> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>
>
>> Since we now have .com signed I want to get my domain signed as well,
>> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
>> list recommends against running a DNSSEC master zone on anything less
>> than 9.6 and you really should be on 9.7.
>>
> The just announced customer only RHEL 5.6 beta notes:
> bind 9.7 - improved DNSsec support

So is there a Centos 5.6 beta with bind 9.7 or should I switch to
FC13/14?

And given that this system is pretty much ONLY a DNS server, is my
'risk' of using the beta minimal?


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 05:45 PM
Ray Van Dolson
 
Default Running a DNS signed zone on Centos 5.5

On Tue, Nov 09, 2010 at 12:33:36PM -0600, Robert Moskowitz wrote:
> On 11/09/2010 12:14 PM, R P Herrold wrote:
> > On Tue, 9 Nov 2010, Robert Moskowitz wrote:
> >
> >
> >> Since we now have .com signed I want to get my domain signed as well,
> >> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
> >> list recommends against running a DNSSEC master zone on anything less
> >> than 9.6 and you really should be on 9.7.
> >>
> > The just announced customer only RHEL 5.6 beta notes:
> > bind 9.7 - improved DNSsec support
>
> So is there a Centos 5.6 beta with bind 9.7 or should I switch to
> FC13/14?
>
> And given that this system is pretty much ONLY a DNS server, is my
> 'risk' of using the beta minimal?

I would just wait for CentOS 5.6 and sign later.

If you need to move forward more quickly, you might be able to rebuild
the SRPM's from Fedora for CentOS without too much hassle.

Moving to Fedora 13/14 is fine as long as you're OK with the short
lifecycles of the products.

Ray
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 05:48 PM
JohnS
 
Default Running a DNS signed zone on Centos 5.5

On Tue, 2010-11-09 at 13:14 -0500, R P Herrold wrote:
> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>
> > Since we now have .com signed I want to get my domain signed as well,
> > but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
> > list recommends against running a DNSSEC master zone on anything less
> > than 9.6 and you really should be on 9.7.
>
> The just announced customer only RHEL 5.6 beta notes:
> bind 9.7 - improved DNSsec support
>
> -- Russ herrold
----
Did you give a kick at build try? targeting el5?

John

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 05:48 PM
Les Mikesell
 
Default Running a DNS signed zone on Centos 5.5

On 11/9/2010 12:33 PM, Robert Moskowitz wrote:
> On 11/09/2010 12:14 PM, R P Herrold wrote:
>> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>>
>>
>>> Since we now have .com signed I want to get my domain signed as well,
>>> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
>>> list recommends against running a DNSSEC master zone on anything less
>>> than 9.6 and you really should be on 9.7.
>>>
>> The just announced customer only RHEL 5.6 beta notes:
>> bind 9.7 - improved DNSsec support
>
> So is there a Centos 5.6 beta with bind 9.7 or should I switch to
> FC13/14?
>
> And given that this system is pretty much ONLY a DNS server, is my
> 'risk' of using the beta minimal?

Not sure how much fedora has diverged in recent revisions but it used to
generally be straightforward to grab a fedora source rpm and build it
under Centos.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 06:20 PM
R P Herrold
 
Default Running a DNS signed zone on Centos 5.5

On Tue, 9 Nov 2010, Robert Moskowitz wrote:

>> The[y] just announced customer only RHEL 5.6 beta notes:
>> bind 9.7 - improved DNSsec support

> So is there a Centos 5.6 beta with bind 9.7 or should I
> switch to FC13/14?

I inadvertently sent that under a @centos.org email address -
that should have been from @owlriver -- sorry, as it was in no
wise a statement from centos, and was my personal observation
only

> And given that this system is pretty much ONLY a DNS server,
> is my 'risk' of using the beta minimal?

well, you get to keep all the pieces

-- Russ herrold
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 06:57 PM
Barry Brimer
 
Default Running a DNS signed zone on Centos 5.5

Quoting R P Herrold <herrold@owlriver.com>:

> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>
> >> The[y] just announced customer only RHEL 5.6 beta notes:
> >> bind 9.7 - improved DNSsec support
>
> > So is there a Centos 5.6 beta with bind 9.7 or should I
> > switch to FC13/14?
>
> I inadvertently sent that under a @centos.org email address -
> that should have been from @owlriver -- sorry, as it was in no
> wise a statement from centos, and was my personal observation
> only
>
> > And given that this system is pretty much ONLY a DNS server,
> > is my 'risk' of using the beta minimal?
>
> well, you get to keep all the pieces

You may be interested in the instructions for running DNSSEC under RHEL 6 (when
available) that was presented by Red Hat training at the Red Hat Summit this
year.

<http://www.redhat.com/promo/summit/2010/presentations/taste_of_training/Summit_2010_DNSSEC.pdf>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 07:07 PM
"Morten P.D. Stevens"
 
Default Running a DNS signed zone on Centos 5.5

2010/11/9 Robert Moskowitz <rgm@htt-consult.com>:
> My DNS server has been running Centos for some time.
>
> I am in the process of upgrading it to Centos 5.5 (long overdue, I know).
>
> Since we now have .com signed I want to get my domain signed as well,
> but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND
> list recommends against running a DNSSEC master zone on anything less
> than 9.6 and you really should be on 9.7.

Hi Robert,

Take a look at here:

http://people.redhat.com/atkac/bind/5.6-test/
http://people.redhat.com/atkac/bind/5.6-test/bind97-9.7.0-1.P2.src.rpm

This is working fine with CentOS 5.5.

If you don't have enough time to compile it:

http://download.imt-systems.com/rhel5/bind/

Best regards,

Morten
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-09-2010, 07:14 PM
Robert Moskowitz
 
Default Running a DNS signed zone on Centos 5.5

On 11/09/2010 01:57 PM, Barry Brimer wrote:
> Quoting R P Herrold<herrold@owlriver.com>:
>
>
>> On Tue, 9 Nov 2010, Robert Moskowitz wrote:
>>
>>
>>>> The[y] just announced customer only RHEL 5.6 beta notes:
>>>> bind 9.7 - improved DNSsec support
>>>>
>>
>>> So is there a Centos 5.6 beta with bind 9.7 or should I
>>> switch to FC13/14?
>>>
>> I inadvertently sent that under a @centos.org email address -
>> that should have been from @owlriver -- sorry, as it was in no
>> wise a statement from centos, and was my personal observation
>> only
>>
>>
>>> And given that this system is pretty much ONLY a DNS server,
>>> is my 'risk' of using the beta minimal?
>>>
>> well, you get to keep all the pieces
>>
> You may be interested in the instructions for running DNSSEC under RHEL 6 (when
> available) that was presented by Red Hat training at the Red Hat Summit this
> year.
>
> <http://www.redhat.com/promo/summit/2010/presentations/taste_of_training/Summit_2010_DNSSEC.pdf>

This is VERY helpful. Thanks.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 05:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org