I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this particular BIND box being public, it's really like any other server on the internet. Port forwarding or NAT in that case would be unnecessary.
On Thu, 2020-10-15 at 21:01 +0200, Stephane Bortzmeyer wrote:
> On Thu, Oct 15, 2020 at 02:03:52PM -0400,
>  Kevin A. McGrail <kmcgr...@pccc.com> wrote
>  a message of 8 lines which said:
>
> > Firewalls are cheap and the level of effort to run a bastion host
> > is significant.
>
> Firewalls are useful when you want to protect unmanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix box does not need them.
>
--
Michael De Roover <i...@nixmagic.com>
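
The policy described in the message above (allow remote access and DNS, drop everything else), written as an nftables ruleset. This is an added example, not part of the original e-mail or of any ISC documentation. It assumes "remote access" means SSH on TCP port 22, and the admin network 192.0.2.0/24 is a placeholder from the documentation address range.

```nftables
# Added example: default-drop host firewall for a BIND server with a public IP.
# No NAT or port forwarding is involved; the rules filter traffic to the host itself.
# Assumptions: remote access is SSH on tcp/22, 192.0.2.0/24 is a placeholder admin network.

flush ruleset   # start from a clean state; only suitable on a box dedicated to this role

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections the server itself opened (recursion, zone transfers, updates)
        ct state established,related accept
        ct state invalid drop

        # Local traffic, e.g. rndc talking to named on 127.0.0.1
        iif "lo" accept

        # ICMP and ICMPv6: needed for path MTU discovery and IPv6 neighbor discovery
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # Remote access, limited to the admin network (placeholder range)
        ip saddr 192.0.2.0/24 tcp dport 22 accept

        # DNS needs both transports: UDP for ordinary queries,
        # TCP for truncated responses and zone transfers
        udp dport 53 accept
        tcp dport 53 accept

        # Everything else falls through to "policy drop"
    }

    chain forward {
        # The box is not a router
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Leaving out the `tcp dport 53` rule is the usual mistake with this kind of policy: large or truncated answers and zone transfers fall back to TCP and would be dropped.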