Where to run bind9 host or virtual machine?

WillEndure

New Member
Feb 17, 2025
I am migrating from an old Debian Xen hypervisor to Proxmox. In my old system I ran bind9 on the Xen Dom0 to act as DNS server for my local domain.

Should I run bind9 on the Proxmox host? Or should I set up a virtual machine to act as the DNS server? I generally assume that the host should not be customized if it can be avoided.
 
Hi @WillEndure, welcome to the forum

Both approaches have their pros and cons. Running DNS in a VM is perfectly fine, as long as your hypervisor doesn’t depend on that service for proper function.

That said, while it’s generally best to avoid installing additional packages directly on the hypervisor, it’s not strictly prohibited and is commonly done. Since PVE is based on Debian, adding packages is straightforward.

However, it’s important to avoid installing software that may conflict with Proxmox’s core components—so it shouldn’t be treated as a “free-for-all” environment.

 
Installed it on the host in the end. This is a one-off setup, so I think customizing the host a little is ok for me. Convenient to put DNS there, as it will be available even if all VMs are shut down.
 
Customizing the host is annoying if you ever need to reinstall it. If you put all your various services and local customizations into containers, you can use the built-in tools (i.e. PBS) to quickly restore all your settings. Virtual machines are of course OK, but I find that containers strike a better balance.
 
Thanks, I will check out how to do that. Simple enough to uninstall bind9 to get back to a clean host, as it's the only customization I am making.
 
BTW - what do you do about customizing the host for something like ssh? I can ssh as root and with a password onto the host. So I want to harden the ssh by only allowing with keys, not as root, no password, and hardened choice of key algorithms.

Should I customize the host for that? Or is there some way to layer that on top?

I suppose I could even make my own Debian package with my sshd config in it, so that at least I have a "standard install" of it - and could also make a docker layer out of it by consuming that package.

Is there a way that is more native to proxmox for "repeatable" host config?
 
Some amount of customization is unavoidable. If it's restricted to making very basic changes in /etc, I don't feel too bad about it. That can be documented, backed up, and automated. It's also reasonably easy to reverse-engineer, if you ever had to do so because you lost your notes. Where things start breaking down is, if you install a bunch of complex additional software, make heavy configuration changes, introduce a lot of inter-dependencies, and have customizations that are poorly documented or backed up.

In general, you'll never be able to get these changes down to absolutely zero. Configuring SSH to follow your local conventions and preferences is a good example. And so is making adjustments that are hardware-specific. On one of my servers, I need to change PCIe timing and disable some network offloading in order for things to work reliably. That's obviously not something that Proxmox knows how to do out of the box. There is no way around making these local changes and then documenting what I did.

On another node, I want to pass through a GPU to one of the VMs. Proxmox in principle has all the required tools to do so, but you need to make some modifications to the host system to prevent it from claiming this hardware for itself. That's not something that Proxmox directly exposes and you have to make local modifications. This is obviously fragile, but it is also very powerful. Just make sure to document what you did.
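
A check for the SSH goals listed in the question above (keys only, no root login, no passwords, restricted key algorithms), kept as a script so the host change stays documented and repeatable. This is an added example, not from any poster in the thread; the `audit_sshd` function, the sample inputs and the set of algorithms treated as weak are assumptions of the example.

```shell
# Added example, not from the thread. Checks `sshd -T` style output for: keys
# only, no root login, no passwords, no SHA-1/DSA key algorithms (assumed list).
# On a real host, as root:  sshd -T | audit_sshd
# Prints one FAIL line per unmet requirement; returns 0 only if all pass.
audit_sshd() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["kbdinteractiveauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
    }
    {
        key = tolower($1); val = tolower($2)
        # Older OpenSSH releases report this option under its previous name.
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        seen[key] = val
    }
    key == "pubkeyacceptedalgorithms" || key == "hostkeyalgorithms" {
        n = split(val, algs, ",")
        for (i = 1; i <= n; i++)
            if (algs[i] ~ /^ssh-(rsa|dss)(-cert-v01@openssh\.com)?$/) {
                printf "FAIL %s allows %s\n", key, algs[i]; bad++
            }
    }
    END {
        for (k in want) {
            if (!(k in seen)) { printf "FAIL %s not reported\n", k; bad++ }
            else if (seen[k] != want[k]) {
                printf "FAIL %s is %s, want %s\n", k, seen[k], want[k]; bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample inputs (not captured from a real host).
sample_default() {
    printf '%s\n' 'permitrootlogin yes' 'passwordauthentication yes' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes' \
        'pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa'
}
sample_hardened() {
    printf '%s\n' 'permitrootlogin no' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes' \
        'pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512'
}
```

On clustered Proxmox VE nodes, features such as migration use SSH between nodes as root, so there `permitrootlogin` may need to stay at `prohibit-password` rather than `no`.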
 
Sounds ok.

What I usually do is create a /root/build_steps.txt file and document everything I did to a system there.

Also doing GPU passthrough on this one.