Hi,

Actually: we are in a similar situation. We're currently running bind9, and were interested in switching to NSD for the authoritative dns services, but it seems that you have to compile newer releases (with security fixes etc) yourself, or there is a repo somewhere we're missing?

We're on debian 10. Is it recommended to simply install the NSD that debian comes with, and rely on debian for the security fixes?

MJ

On 6/6/21 11:50 AM, Mukul Shukla via nsd-users wrote:
> Dear All,
>
> I am working as a Professor in a University in India. For our
> University, I want to set up an Authoritative Name Server. Currently we
> are running djbdns, since long.
> Although djbdns is a wonderful DNS server, the maintenance of it has
> become very troublesome. It also lacks many new security features. The
> BIND9, I am not convinced, if it will be useful in our case. It's a huge
> software, and we don't need all the features of it.
>
> I was thinking of running my Authoritative Name Servers, Primary and
> Secondary on NSD, as we are already using Unbound for recursive name
> resolution.
>
> I would like to get the comments from the users as to whether my
> decision is correct or not? I have found that very few
> tutorial/manuals/articles are available for the NSD setup. Being new to
> NSD, I feel hesitant in replacing my running DNS server with NSD. Would
> like to have some suggestions and comment. Kindly suggest any other
> alternatives, if that is useful in my case.
>
> Thank you.
>
> Mukul Shukla
> Prof. (IT)
> SGSITS, Indore,
> INDIA
>
> Thanking
>
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users

On 06/06/2021 16:26, mj via nsd-users wrote:

Hi MJ,

> Actually: we are in a similar situation. We're currently running bind9,
> and were interested in switching to NSD for the authoritative dns
> services, but it seems that you have to compile newer releases (with
> security fixes etc) yourself, or there is a repo somewhere we're missing?
>
> We're on debian 10. Is it recommended to simply install the NSD that debian
> comes with, and rely on debian for the security fixes?

Debian packages are often well behind upstream releases. For example, Debian 10 (buster) still has NSD 4.1.26, whereas the upstream version is 4.3.6.

However, for Debian, there's usually a repository called backports. If you enable it, you can get newer versions of packages. For example, "buster-backports" currently has NSD 4.3.5 in it. You could also enable the "experimental" repo and get the latest 4.3.6 release.

Regards,
Anand

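The backports route described in the message above, as an added example that is not part of the original thread: it builds the APT source line for buster-backports and reads `apt-cache policy` output to confirm which NSD version apt will actually install. The `deb.debian.org` mirror, the `.list` file name, the helper function names and the sample policy output (including the Debian revision suffixes) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mirror URL, file name and helper names are assumptions.

# Print the APT source line for a release's backports suite.
backports_source_line() {
    printf 'deb http://deb.debian.org/debian %s-backports main\n' "$1"
}

# Read `apt-cache policy <pkg>` output on stdin; print the Installed or Candidate version.
policy_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Read `apt-cache policy <pkg>` output on stdin; print the version offered by a suite.
version_from_suite() {
    awk -v suite="$1" '
        $1 == "***"                  { ver = $2; next }   # currently installed version
        NF == 2 && $2 ~ /^-?[0-9]+$/ { ver = $1; next }   # "<version> <priority>" line
        index($0, " " suite "/")     { print ver; exit }  # source line naming the suite
    '
}

# Constructed sample of `apt-cache policy nsd` after backports is enabled.
# Backports carries priority 100, so the stable package stays the Candidate
# until the newer one is requested explicitly with -t.
SAMPLE_POLICY='nsd:
  Installed: 4.1.26-1
  Candidate: 4.1.26-1
  Version table:
     4.3.5-1~bpo10+1 100
        100 http://deb.debian.org/debian buster-backports/main amd64 Packages
 *** 4.1.26-1 500
        500 http://deb.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status'

# Run as root with the argument "apply" to make the change on a Debian 10 host.
if [ "${1:-}" = "apply" ]; then
    backports_source_line buster > /etc/apt/sources.list.d/buster-backports.list
    apt-get update
    apt-get install -t buster-backports nsd
    echo "installed: $(apt-cache policy nsd | policy_field Installed)"
fi
```

Once installed with `-t buster-backports`, the package keeps receiving updates from backports through normal `apt-get upgrade` runs.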
Dear all,

I think newer releases of Debian like Debian Testing should have the newer versions. Compiling from sources is also not a problem. It appears to be straightforward. Although, I am yet to test them.

I am in the phase of deciding whether to use NSD for Authoritative services or not. I am also considering the two others:

1. PowerDNS - Has got a very good reputation and a very good manual.
2. Knot - Very good security features and manual.

But I liked the lightness of NSD and wanted to know if it would be OK to use it for a long run. The list is very sparse I think. Nobody seems to be responding.

Thank you for your reply.

Mukul

On Sun, 6 Jun 2021, mj via nsd-users wrote:

> Actually: we are in a similar situation. We're currently running bind9, and
> were interested in switching to NSD for the authoritative dns services, but
> it seems that you have to compile newer releases (with security fixes etc)
> yourself, or there is a repo somewhere we're missing?
>
> We're on debian 10. Is it recommended to simply install the NSD that debian
> comes with, and rely on debian for the security fixes?

Distros are always a little bit slower by design. I'm not as familiar with Debian/Ubuntu, but I compile the latest NLnetlabs software pretty quickly on Fedora and you can quickly use those spec files on the slower RHEL/CentOS too.

I even recently talked with NLnetlabs about them/us doing this a bit more structurally.

Paul