Bind DNS servers: can they coexist with httpd and mail servers?

Reindl Harald h.reindl at thelounge.net
Wed Jul 19 10:56:10 UTC 2017

On 19.07.2017 at 12:53, Tony Finch wrote:
> Tom Browder <tom.browder at gmail.com> wrote:
> 
>> I want to host my own DNS servers, but I need the master to share Bind with
>> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
> 
> It's how we did things in the 1990s :-)

and thanks to systemd we can do that these days too with better security :-)

[root@rh:~]$ cat /usr/lib/systemd/system/httpd.service
[Unit]
Description=Apache Webserver
After=network.service systemd-networkd.service network-online.target mysqld.service

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/httpd
Environment="PATH=/usr/bin:/usr/sbin"
ExecStart=/usr/sbin/httpd $OPTIONS -D FOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
Restart=always
RestartSec=1
UMask=006
TasksMax=1024

PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX
RestrictRealtime=yes
SystemCallArchitectures=x86-64
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @swap acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/Volumes/dune/modsec-upload
ReadWriteDirectories=-/Volumes/dune/tmp
ReadWriteDirectories=-/Volumes/dune/www-servers
ReadWriteDirectories=-/data/www
ReadWriteDirectories=-/mnt/data/www
ReadWriteDirectories=-/data/xdebug
ReadWriteDirectories=-/mnt/data/xdebug
ReadWriteDirectories=-/var/cache/mailgraph
ReadWriteDirectories=-/var/lib/smokeping
ReadWriteDirectories=-/var/log
ReadWriteDirectories=-/var/www/sessiondata
ReadWriteDirectories=-/var/www/sessiondata-phpmyadmin
ReadWriteDirectories=-/var/www/uploadtemp
ReadWriteDirectories=-/var/www/uploadtemp-phpmyadmin
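
The same sandboxing applied to BIND itself, as an added example that is not from this post: a systemd drop-in for named.service that keeps the filesystem read-only except for the zone and runtime directories. The drop-in path and the Red Hat style /var/named and /run/named locations are assumptions (Debian-based layouts use /etc/bind and /var/cache/bind instead).

```ini
# /etc/systemd/system/named.service.d/hardening.conf   (assumed drop-in path)
# Added example, not shipped by ISC or any distribution. Apply with
# "systemctl daemon-reload && systemctl restart named".
[Service]
# Whole filesystem read-only, /home hidden, private /tmp and /dev,
# no access to sysctls, module loading or cgroup trees.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
NoNewPrivileges=yes

# The only places named must write (paths are assumptions, see above):
# secondary zone transfers, dynamic-update journals, inline DNSSEC signing
# and managed-keys.bind land in /var/named; the pid file and rndc socket in
# /run/named. The "-" makes a missing log directory non-fatal.
ReadWritePaths=/var/named
ReadWritePaths=/run/named
ReadWritePaths=-/var/log/named

# named starts as root, binds port 53, then drops to its own user (-u),
# so it needs only these. CAP_SYS_RESOURCE lets it raise RLIMIT_NOFILE;
# add CAP_SYS_CHROOT only if you run it with -t. No CAP_DAC_OVERRIDE:
# zone and key files must simply be owned by the named user.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE

# DNS needs IPv4/IPv6 sockets; AF_UNIX is for the syslog/journal socket.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictRealtime=yes
LockPersonality=yes
SystemCallArchitectures=native

# Allow-list of ordinary service syscalls (includes @setuid and @resources,
# which named needs to drop privileges and raise limits), then deny the
# same dangerous groups the httpd unit above blocks.
SystemCallFilter=@system-service
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
```

After restarting, `systemd-analyze security named.service` scores the result and lists which directives are still unset; watch the journal for SIGSYS or EPERM from named, which means a needed syscall, capability or path was cut.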

