Enterprise Unix Roundup: Is Redmond Freezing Over? Page 2

By Michael Hall (Send Email)
Posted Apr 21, 2005

Main     In Other News     Recent Updates     Tips of the Trade

Recent Updates

  • Web server Apache was updated to version 2.0.54. The new version includes a series of bugfixes and a build script for the creation of Solaris packages.

  • Apple's OS X operating system was updated to version 10.3.9. The new version includes several improvements to network file system support, bugfixes, and an upgrade of Apple's Safari browser to incorporate changes expected when OS X 10.4 (Tiger) is released next week. Apple also released security update 2005-004, which includes a fix to iSync.

  • The Kerio mail server was updated to version 6.0.9. The new version includes support for Blackberry devices, enhanced logging, stability fixes for versions running under Red Hat Linux, and improved SpamAssassin rules to avoid false positives from AOL and Yahoo!.

  • Vulnerabilities in the Web scripting language PHP have caused several distributors to release patches, including Mandriva, Fedora Core 3, Gentoo, SUSE, Debian, and Ubuntu.

  • The Debian project released Debian GNU/Linux 3.0r5 on Saturday. The new release is largely comprised of security fixes, plus enhancements to serious bugs. As with all updates of this kind, the release is an incremental change to the base 3.0 distribution. Thus, it requires only an update of existing packages, not a completely new set of installation media.

Tips of the Trade

Last week's Tip of the Trade covered PowerDNS, a high-demand secure DNS server suitable for the enterprise. Today we'll look at MaraDNS, a lighter-weight secure DNS server designed for DNS admins with simpler needs.

MaraDNS is designed to use a minimum of system resources, to be as simple as possible, and to be secure. It runs on Unix and Linux, as well as Windows under Cygwin. MaraDNS includes both an authoritative server and a recursive resolver. They are completely separate, so you can set up one or the other, or both. The most secure way to run MaraDNS is as an unprivileged user in a chroot jail. It is resistant to buffer overflows, cache poisoning, and spoofing, and has built-in access controls. Old unused records are periodically purged from the cache.

Configuration is simple. To set up an authoritative DNS server, there are two files: mararc, and a domain zone file. You need a separate zone file for each domain. A migration tool, getzone, is also included. It assists with migrations from other DNS servers. To set up a recursive resolver, only the mararc file is needed. To set up a secondary nameserver, simply set up a simple cron job to run getzone periodically, rather than fussing with silly serial numbers.

While MaraDNS is designed for smaller, simpler needs, it scales up nicely to serve a large number of domains.

MaraDNS is a good DNS server for a newbie DNS admin. It comes with a basic DNS tutorial and excellent documentation. See maradns.org for downloads and howtos.

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Enterprise Networking Planet and Linux Planet, covering Linux from the desktop to the server room, and is the author of the Linux Cookbook.

>> To Main
>> To Other News

Page 2 of 2

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.