OT - Small DNS "appliances" for remote offices.

Mel Beckman mel at beckman.org
Thu Feb 19 20:55:51 UTC 2015


Keenan,

Red. Herrings.

You can provision Macs over the network. That's one of the functions of Mac OSX Server OS. It's trivial to then promote them to servers themselves. All remotely.

Also, the Mac is running a full BIND9 implementation, not some cutdown version. Yes the GUI is minimal, but there's no need to use the GUI, and you don't even have a GUI on other platforms for the most part.

BGP speaker? Come on, you're gilding the lily.

Yes, Apple is silent about its plans.  But the Mac Mini and Server OS have been well supported for over a decade. I don't know why you're bringing server hardware into this, the whole point of the discussion is to avoid using server hardware. And how much open source "road map" has failed to materialize? Lots! The future-proofing argument cuts both ways, my friend.

You may have little confidence in Apple, but the rest of the world seems to have great confidence. Just look at Apple's stock performance and market cap.

As a famous scientist once said: "The absence of data is not data." :-)

 -mel beckman

On Feb 19, 2015, at 12:43 PM, "Keenan Tims" <ktims at stargate.ca> wrote:

If you have a lot of locations, as I believe Ray is looking for, all of
this is a manual process you need to do for each instance. That is slow
and inefficient. If you're doing more than a few, you probably want
something you can PXE boot for provisioning and manage with your
preferred DevOps tools. It also sounds like he wants to run anycast for
this service, so probably needs a BGP speaker and other site-specific
configuration that I assume is not covered by the cookie-cutter OSX
tools. Of course you could still do it this way with a Mac Mini running
some other OS, but why would you want to when there are plenty of other
mini-PC options that are more appropriate?

Also: With Apple dropping their Pro products and leaving customers in
the lurch, and no longer having any actual server hardware, I would have
very little confidence in their server software product's quality or
likely longevity. And of course they're mum on their plans, so it's
impossible to plan around if they decide to exit the market.

Keenan

On 02/19/2015 11:47 AM, Mel Beckman wrote:
If your time is worth anything, you can't beat the Mac Mini, especially for a branch office mission-critical application like DNS.

I just picked up a Mini from BestBuy for $480. I plugged it in, applied the latest updates, purchased the MacOSX Server component from the Apple Store ($19), and then via the Server control panel enabled DNS with forwarding.

Total time from unboxing to working DNS: 20 minutes.

The Server component smartly ships with all services disabled, in contrast to a lot of Linux distros, so it's pretty secure out of the box. You can harden it a bit more with the built-in PF firewall. The machine is also IPv6 ready out of the box, so my new DNS server automatically services both IPv4 and IPv6 clients.

You get Apple's warranty and full support. Any Apple store can do testing and repair.

And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of DNS requests.

Of course, if your time is worth little, spend a lot of time tweaking slow, unsupported, incomplete solutions.

-mel

On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko <denys at visp.net.lb> wrote:

On 2015-02-19 18:26, Valdis.Kletnieks at vt.edu wrote:
On Thu, 19 Feb 2015 14:52:42 +0000, David Reader said:
I'm using several to connect sensors, actuators, and such to a private
network, which it's great for - but I'd think at least twice before deploying
one as a public-serving host in user-experience-critical role in a remote
location.
I have a Pi that's found a purpose in life as a remote smokeping sensor and
related network monitoring, a task it does quite nicely.
Note that they just released the Pi 2, which goes from the original single-core
ARM V6 to a quad-core ARM V7, and increases memory from 256M to 1G. All at the
same price point.  That may change the calculus. I admit not having gotten one
in hand to play with yet.
Weird thing - it still has Ethernet over ugly USB 2.0
That kills any interest to run it for any serious networking applications.

---
Best regards,
Denys



