Am 18.08.2011 03:35, schrieb Michael Mol: > On Wed, Aug 17, 2011 at 5:53 PM, Alan McKinnon <alan.mckin...@gmail.com> > wrote: >> On Wed 17 August 2011 17:23:41 Michael Mol did opine thusly: >>> On Wed, Aug 17, 2011 at 4:56 PM, Grant <emailgr...@gmail.com> wrote: >>>> I currently use a free service to host the DNS records for my >>>> website, but I'm thinking of running a DNS server on the same >>>> machine that runs my website instead. Would that be fairly >>>> trivial to set up and maintain? If so, which package should I >>>> use? >>> >>> ISC bind is the de facto standard for DNS servers. I haven't >>> administered bind on Gentoo, but on Debian, most of the problems I >>> run into come from how Debian packages and updates configuration >>> files. >>> >>> I'm not running DNS servers in any major production capacity; I've >>> got a bind server at home linking my home domain and my employer's >>> work domain across a VPN, and updated dynamically via a dhcpd on >>> the same server. It's also serving as a caching recursive resolver >>> for my home network, which was *really* necessary when I was still >>> on AT&T. (The DSL link was dropping packets every now and again, >>> and it's a PITA when that happens to DNS queries) >> >> You're running an auth server and a cache on the same machine? > > Split across a couple views, but yeah. And no recursion allowed on the wan > side. > >> >> At a minimum they should be on different interfaces and preferably in >> chroots. Otherwise all manner of $BAD_STUFF happens. > > Hm. Interested. > > echo $BAD_STUFF > > (or URI) >
URI: http://cr.yp.to/djbdns/separation.html Regards, Florian Philipp
signature.asc
Description: OpenPGP digital signature