Discuss mailing list

[Alex <coyo AT darkdna.net>]

On 5/3/2012 3:43 PM, webmaster AT blockaid.me wrote:
> There is nothing wrong with what you're doing and I wouldn't class ubuntu as a noob distro. I run a number of large websites and maintain two public dns resolvers, all running on ubuntu.
>
> Personally I am not a fan of bind, but each to their own.
>
> I like the idea of having a secure wiki, and as long as it is community-driven, I don't think there will be any shortage of guides for different distributions. That is at least if this mailing list is anything to go by - that is me paying you guys a compliment by the way.
> Sent from my BlackBerry® smartphone on O2

I personally see ubuntu as a "newbie distro," but that does NOT mean i would suggest you use anything other than what you are most comfortable with. there is no shame in it.

You should use whatever you prefer the most, and if that choice is Ubuntu, than that's what you should use.

I personally currently prefer straight debian in case you were curious, not that it really matters.

My taste is likely to change without notice, and be wildly different from one year to the next, because I am still young, and learning my own tastes, and still finding my way in the engineering field.

> -------------------------
> *From: * Dale <dweide9 AT aim.com>
> *Sender: * discuss-request AT lists.opennicproject.org
> *Date: *Thu, 3 May 2012 16:22:51 -0400 (EDT)
> *To: *<discuss AT lists.opennicproject.org>
> *ReplyTo: * discuss AT lists.opennicproject.org
> *Subject: *Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia
>
> I like the idea of a "Secure OpenNIC Configuration" Wiki page. But would it be OS specific? As a newb, tinkering with bind in my spare time, I find that ubuntu server just works. I imagine you guys primarily use BSD, correct? I'm good at following instructions, but FreeBSD doesn't seem to play as nicely (for a PC to Linux guy, with no pure Unix experience). It may be that there are enough engineers out there to satisfy OpenNIC's needs. In which case, it is probably best to avoid using amateurs like me. But if it's "All hands on deck!", then I'll need a "kiddie pool" : )
>
> Dale
>
>
> -----Original Message-----
> From: Falk Husemann <josen AT paketsequenz.de>
> To: discuss <discuss AT lists.opennicproject.org>
> Sent: Thu, May 3, 2012 12:08 pm
> Subject: Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia
>

Hello,

I've thought about some of the possible problems the whole day and asked
myself: What could be of use, just in case?

As a first starting point for security interested T1/T2 owners, we could
really try to have a "Secure OpenNIC Configuration" Wiki page where
detailed step-by-step instructions are given to secure your BIND
nameserver. What do you think?

Alex #1 really has good points on what might happen. We could try to
work out a Emergency/Desaster Plan for server owners that they can read
through, if someone really does bad.

This doesn't have to be rocket science, just basic guidelines to point
people at. No "total fort knox we'll shoot you if you blink" things like
"get bgp and nullroute the attackers", but baseline security advice for
intermediate server owners (most of us are, I guess, it's still just a
hobby).

I've worked with and without such things and its a better experience,
when you have a _useful_ Emergency plan, but even a bad one is better
than first having to think about what your options are. Think about
secure configuration like cancer prevention :)

Greets,
Falk

>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org <mailto:discuss-unsubscribe AT lists.opennicproject.org>

Attachment: 0xC34ED745.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature