Moving BIND from Solaris to Linux

Lightner, Jeff JLightner at water.com
Mon Oct 1 13:50:33 UTC 2012


We use RHEL mainly because that's our distro of choice for most of our applications. It is the most popular "commercial" distro and is the one most 3rd party commercial applications (e.g. Oracle) support. (Of course SLES has a lot of support as well but not quite as much - others will tell you Ubuntu is commercially supported by Canonical but what I'm talking about is the platform other vendors are willing to say they support their applications upon.)

The benefit of using RHEL is they provide you with BIND (including a chroot'ed version) packages so you get security and bug fixes.

The downside is the way RedHat does things is to use an upstream version as their base then they backport bug and security fixes into it from later upstream versions. They add extended versioning to what you actually have but you end up looking as if you're still running say, BIND 9.3.1 on RHEL5, but the one you're actually running has diverged from the base. This causes many folks (e.g. PCI security scanning organizations, people on the BIND mailing list) to think you're running an insecure version because they don't check for the extended versioning. In fact you're not running insecurely. You can hide the version of BIND so that security scanners don't find it. However, as newer features are added upstream they don't all necessarily make it into the RHEL modified version.

One idea would be to use RHEL but still download and compile your own BIND on top of it.  However, if the only thing on your RHEL server is BIND you have to wonder why you're paying RedHat a subscription.   The main benefit would be continuity of platform if you're running multiple servers for diverse purposes as we are.





-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Fajar A. Nugraha
Sent: Monday, October 01, 2012 9:20 AM
To: Graham Butler
Cc: bind-users at lists.isc.org
Subject: Re: Moving BIND from Solaris to Linux

On Mon, Oct 1, 2012 at 7:58 PM, Graham Butler <g.butler at hud.ac.uk> wrote:
> We are currently looking at replacing our Solaris boxes with a flavour
> of Linux to run BIND with a focus on Red Hat and Ubuntu. I am trying
> to collect some evidence to which OS is being used to run BIND and
> why, before we make a decision. Could you please respond by sending
> me, or the list, information on which OS you are using to run BIND and
> any information on why you decided to run it on that particular platform.
>
>
>
> I am also asking other lists for similar information on Squid, Exim,
> Apache, etc.......

Searching "unix linux migration" in Google would probably save you lots of time instead of waiting for list responses.

Anyway, in my past experience, the biggest difference was not so much the OS, but rather the hardware. x86 (or rather, amd64) kick other platform's a**, performance-wise, on hardware with relatively-similar budget.

When you mostly run "popular" open source software, running it on Linux would usually offer additional advantage of making your life easier since the distro maintainers would take care of providing up-to-date or secure-enough packages.

--
Fajar
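
One way to handle the backporting situation described in the reply above: instead of trusting the bare upstream version, look up each scanner-reported CVE in the package changelog. This is an added example, not part of the thread; the changelog entries and CVE ids are constructed placeholders, and `triage_findings` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. The changelog text and CVE ids below are
# CONSTRUCTED placeholders; on a real RHEL host feed in `rpm -q --changelog bind`.

sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2008 Example Packager <pkg@example.invalid> - 30:9.3.1-10.P1
- backport fix for CVE-0000-0001 from a later upstream release
* Mon Jan 01 2007 Example Packager <pkg@example.invalid> - 30:9.3.1-9
- resolves CVE-0000-0002
EOF
}

# triage_findings CVE_ID...   (package changelog on stdin)
# Prints "<id> backported" when the changelog names the id, "<id> review"
# otherwise. Exit status is 0 only if every id was found.
triage_findings() {
    changelog=$(cat)
    status=0
    for cve in "$@"; do
        # -F: literal match; -w: CVE-0000-0001 must not match CVE-0000-00011
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve backported"
        else
            echo "$cve review"
            status=1
        fi
    done
    return "$status"
}

# Demo: ids a scanner inferred from the bare upstream version "9.3.1".
sample_changelog | triage_findings CVE-0000-0001 CVE-0000-0003 || true
```

A "review" result only means the changelog does not name the id; the vendor's advisory for that CVE is the place to confirm whether the package is affected.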



