0

  1. I want to use Dos Deflate, do I need to use APF or does this script work with CSF as well?

  2. What is the command to tell if APF is running?

  3. What is the command to tell if CSF is running?

  4. I am using my hosting company's free DNS service, yet my server has DNS set up on it. If I disable DNS services on my server - will it help in optimization by freeing up server resources or will the effect be so minuscule that it can't be noticed?

Thank You

EDIT:

Sorry, I will be more specific. DOS Deflate is a free script installed on a lot of servers to prevent DDOS attacks.

APF and CSF are the two most common software firewalls available for Linux.

  • 1
    I guess you have to be a lot more specific. What is APF? And CSF? Dos deflate? Really, I have no idea what you are talking about. It's always a good idea to disable/uninstall everything you don't need in order to minimize potential problems, so if you don't need a DNS server on your box, get rid of it. – Sven Oct 10 '09 at 18:20
  • I would really disagree with your comments wrt APF and CSF. You might want to link their project pages. – David Pashley Oct 10 '09 at 19:37
  • if I am not mistaken, apf&csf are iptables, with different user interface. – TiFFolk Oct 10 '09 at 19:55

2 Answers2

1

  1. I'm not familiar with deflate, but it appears as though it works with APF. It also appears as though CSF has features similar to the combination of defalate and APF.

  2. APF is an iptables based firewall. That is, it's a script that configures iptables based on its configuration files. So APF isn't a "process" that's running. However, I think you can run "apf --status" to get something out of it, but I think it just echos the log, which is typically in /var/log. You can run "iptables -L -n" to verify iptables configuration.

  3. Haven't used it, but it's also iptables based.

  4. If you don't need it, you don't need it. However, it sorta sounds like you might be running cpanel? If so, you shouldn't go manually hacking the machine, it'll just cause problems down the road.

Boden
  • 4,968
  • 12
  • 49
  • 70
0

As for me, i don't see any reason to install DNS server on each hosting server, because:

  • it can cause problems
  • another app to be watched for vulnerabilities (remeber latest BIND bug)
  • another aim for DoS
  • another app to configure and to monitor

So, to avoid everything mentioned above- user your Hosting provider's DNS.

TiFFolk
  • 1,077
  • 3
  • 15
  • 25