[Tfug] Multiple distros for security?

Matt Jacob matt at mattjacob.com
Fri Jan 23 10:27:51 MST 2009

On Fri, Jan 23, 2009 at 10:14 AM, Brian Murphy
<murphy+tfug at email.arizona.edu> wrote:
> Being less familiar with a distro and dividing your focus in 3
> directions is worse than locking down a single distro.  Because it's

That's my feeling. All of us are familiar with Debian, but we only
have varying levels of fringe knowledge about other distros.
Obviously, I can hop on any system and do basic tasks, but for
security stuff, I prefer to stick with what I know.

> is an additional step to a secure DNS implementation.  Seperate your
> external facing authoritative servers (the ones in the NS records) from
> your internal-only facing recursive servers (the ones config'd in
> resolv.conf/windows control panel/DHCP).

Actually, that's what our implementation plan calls for. The recursive
servers are running dnscache and the authoritative servers are running
PowerDNS. It's a little trickier than firewalling off the recursive
servers, though. Those need to be customer-facing and

Now it's just a matter of convincing the co-workers, but I know some
of them are TFUG members, so I'll keep my mouth shut and let the list
do the talking. :-)


More information about the tfug mailing list