  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4748
  • Last Modified:

Open Source DNS Virtual Appliance

We would like to deploy a public facing DNS server in our DMZ.  All of our DMZ servers reside on a VMware 5 host.  I was wondering if there are any open source DNS servers with web interfaces that come pre-assembled on a hardened Linux appliance.  I'm basically looking for an OVF template that I can deploy on our VMware host and then browse to it to configure it.  I don't know enough about Linux to properly deploy a secure DNS server from scratch and I don't really want to pay for Windows Server 2008 R2 licenses just for DNS.
0
CIPortAuthority
Asked:
CIPortAuthority
1 Solution
 
edster9999 Commented:
Hmmmmm.... tough question -
This is one of those questions where there is no right answer and whatever is said, people will say that is the worst answer.
There is no good or bad Linux distribution - just some do things better than others.

First of all - there is no distribution that is ready built just as a DNS server.  I guess this job is too small.  Linux does so much - people would be thinking why limit it to do just that.
Almost any distribution will allow you to install a DNS service like BIND  (or will come with it already installed).

There will then be people who shudder at the idea of configuring your server over a GUI or web interface when it is in the DMZ.  What if there is a security hole and someone redirects your web services to their server?
One option here would be to have two servers.  One inside your closed down firewall which you can configure with a web page - and this then feeds out to one outside.
Another idea would be to have the server in a slightly more secure location so it is firewalled off and ONLY the ports needed for DNS would be allowed through - the rest could come from inside your firewall and allow more access to config etc.

Pick a Linux distribution - look for one that has a secure server setup.
When you have that, install a GUI config like Webmin and then get the ports opened on the firewall to allow it to work.

You should also have a backup DNS out on the internet.  There are free ones or pay ones - depending on what you want / need it to do.

Good luck :)
0
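
Added example (not part of edster9999's answer or the original thread): a short Python check for the two-server layout suggested above, where the DMZ server only answers for zones fed from an internal server. The named.conf samples, the 10.0.0.5 address, example.com and the function names are constructed for illustration, and the regex-based parsing handles simple configs only.

```python
import re

# Constructed configs for the DMZ-facing server; names and addresses are placeholders.
HARDENED = '''
options { directory "/var/named"; recursion no; allow-transfer { none; }; };
zone "example.com" { type slave; masters { 10.0.0.5; }; file "slaves/example.com.db"; };
'''
WEAK = '''
options { directory "/var/named"; allow-transfer { any; }; };  // recursion left at default
zone "example.com" { type master; file "example.com.db"; };
'''

def _blocks(text, header):
    """Yield (match, body) for each brace-balanced block that starts with header."""
    for m in re.finditer(header + r'\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def audit_public_dns(conf):
    """Return findings for a named.conf meant for a public, authoritative-only server."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # drop /* */ comments
    conf = re.sub(r'(//|#).*', '', conf)                 # drop // and # comments
    findings = []
    opts = ''.join(body for _, body in _blocks(conf, r'\boptions'))
    # A public server should answer only for its own zones, never resolve for strangers.
    if not re.search(r'\brecursion\s+no\s*;', opts):
        findings.append('recursion not explicitly disabled')
    # Zone transfers should be limited; a missing or "any" ACL is flagged.
    xfer = re.search(r'\ballow-transfer\s*\{([^}]*)\}', opts)
    if not xfer or 'any' in re.findall(r'[^\s;]+', xfer.group(1)):
        findings.append('zone transfers not restricted')
    # In the two-server layout, zones are edited inside and only copied to the DMZ.
    for m, body in _blocks(conf, r'\bzone\s+"([^"]+)"'):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if ztype and ztype.group(1) in ('master', 'primary'):
            findings.append('zone %s is primary on the DMZ host' % m.group(1))
    return findings

if __name__ == '__main__':
    for name, conf in (('hardened', HARDENED), ('weak', WEAK)):
        print(name, audit_public_dns(conf) or 'no findings')
```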
 
CIPortAuthority (Author) Commented:
Sorry for taking so long to reply but I was waiting to see if there would be any other comments.

Thanks for the helpful information!
0
