FreeBSD, Security, and BIND
James Raftery
james-bind-users at domainregistry.ie
Fri Aug 4 10:38:38 UTC 2000
On Thu, Aug 03, 2000 at 10:44:07AM -0700, Chuck Hager wrote:
> Please forgive me if this question sounds immature, it appears
> that my first question has insulted some of you, but I've only
> been working with BSD for just a couple of weeks.
I, for one, wasn't insulted in any way. Rather the question you asked
couldn't be answered in a meaningful way.
It was equivalent to asking "If I build my house using a Bosch hammer
and Hilti nails, how good will my house be?". It depends. How good are
you at using a hammer?
> I was wondering how the experts out there prefer to have your
> hardware topology setup for running DNS, web and mail on the
> Internet. (Keeping security and availability in mind)
I would discourage the use of identical hardware and software. Diversity
is a good thing. That said, don't use something different just for
kicks.
> Would it be wiser to configure ipfw on
> each DNS, web and mail servers, or put all of them behind some
> sort of firewall?
Personally, I do both. 'Defence in depth' and all that.
Regards,
james
--
James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster
IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375
"Managing 4000 customer domains with BIND has been a lot like
herding cats." - Mike Batchelor, on dns at list.cr.yp.to.
More information about the bind-users
mailing list