On Thu, Aug 12, 1999 at 02:13:50PM -0700, Russ Allbery wrote:
> Er... if it's handling a reasonably high volume of mail. If it's only
> churning out a message or two every ten minutes, I wouldn't bother; BIND
> is a huge memory hog and also a program that tends to have to be
> frequently upgraded due to security holes.
We've come around this by configuring bind only to listen on 127.0.0.1
and we've put
------------------------------------------------------------------------
domain space.net
nameserver 127.0.0.1
nameserver 195.30.0.2
nameserver 195.30.0.1
------------------------------------------------------------------------
into /etc/resolv.conf
This makes the bind running on the mailserver inaccessible from the
outside and as there are only few trusted users on the mailhub exploits
which use access/priviledge holes on the local filesystem are not
really that big a problem.
Other than that I agree that a named on a very low volume mail server
is not really needed.
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | Yeah, yo mama dresses
Research & Development | mailto:[EMAIL PROTECTED] | you funny and you need
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | a mouse to delete files
D-80807 Muenchen | Fax: +49 (89) 32356-299 |
