[178200] in North American Network Operators' Group
Re: OT - Small DNS "appliances" for remote offices.
daemon@ATHENA.MIT.EDU (Mel Beckman)
Thu Feb 19 15:55:58 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Keenan Tims <ktims@stargate.ca>
Date: Thu, 19 Feb 2015 20:55:51 +0000
In-Reply-To: <54E64AD5.6040701@stargate.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Keenan,
Red. Herrings.
You can provision macs over the network. That's one of the functions of Mac OSX Server OS. It's trivial to then promote them to servers themselves. All remotely.
Also, the Mac is running a full BIND9 implementation, not some cutdown version. Yes the GUI is minimal, but there's no need to use the GUI, and you don't even have a GUI on other platforms for the most part.
BGP speaker? Come on, you're gilding the lily.
Yes, Apple is silent about its plans. But the Mac Mini and Server OS have been well supported for over a decade. I don't know why you're bringing server hardware into this, the whole point of the discussion is to avoid using server hardware. And how much open source "road map" has failed to materialize? Lots! The future-proofing argument cuts both ways, my friend.
You may have little confidence in Apple, but the rest of the world seems to have great confidence. Just look at Apple's stock performance and market cap.
As a famous scientist once said: "The absence of data is not data." :-)
-mel beckman
On Feb 19, 2015, at 12:43 PM, "Keenan Tims" <ktims@stargate.ca> wrote:
If you have a lot of locations, as I believe Ray is looking for, all of
this is a manual process you need to do for each instance. That is slow
and inefficient. If you're doing more than a few, you probably want
something you can PXE boot for provisioning and manage with your
preferred DevOps tools. It also sounds like he wants to run anycast for
this service, so probably needs a BGP speaker and other site-specific
configuration that I assume is not covered by the cookie-cutter OSX
tools. Of course you could still do it this way with a Mac Mini running
some other OS, but why would you want to when there are plenty of other
mini-PC options that are more appropriate?
Also: With Apple dropping their Pro products and leaving customers in
the lurch, and no longer having any actual server hardware, I would have
very little confidence in their server software product's quality or
likely longevity. And of course they're mum on their plans, so it's
impossible to plan around if they decide to exit the market.
Keenan
On 02/19/2015 11:47 AM, Mel Beckman wrote:
If your time is worth anything, you can't beat the Mac Mini, especially for a branch office mission-critical application like DNS.
I just picked up a Mini from BestBuy for $480. I plugged it in, applied the latest updates, purchased the MacOSX Server component from the Apples Store ($19), and then via the Server control panel enabled DNS with forwarding.
Total time from unboxing to working DNS: 20 minutes.
The Server component smartly ships with all services disabled, in contrast to a lot of Linux distros, so it's pretty secure out of the box. You can harden it a bit more with the built-in PF firewall. The machine is also IPv6 ready out of the box, so my new DNS server automatically services both IPv4 and IPv6 clients.
You get Apple's warranty and full support. Any Apple store can do testing and repair.
And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of DNS requests.
Of course, if your time is worth little, spend a lot of time tweaking slow, unsupported, incomplete solutions.
-mel
On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko <denys@visp.net.lb> wrote:
On 2015-02-19 18:26, Valdis.Kletnieks@vt.edu wrote:
On Thu, 19 Feb 2015 14:52:42 +0000, David Reader said:
I'm using several to connect sensors, actuators, and such to a private
network, which it's great for - but I'd think at least twice before deploying
one as a public-serving host in user-experience-critical role in a remote
location.
I have a Pi that's found a purpose in life as a remote smokeping sensor and
related network monitoring, a task it does quite nicely.
Note that they just released the Pi 2, which goes from the original single-core
ARM V6 to a quad-core ARM V7, and increases memory from 256M to 1G. All at the
same price point. That may change the calculus. I admit not having gotten one
in hand to play with yet.
Weird thing - it still has Ethernet over ugly USB 2.0
That kills any interest to run it for any serious networking applications.
---
Best regards,
Denys